Lucene search
K

7 matches found

OSV
OSV
added 2026/06/11 5:10 p.m.6 views

GHSA-RCVQ-M9J9-6F4G @hapi/inert has a static-file confinement bypass via sibling-prefix path

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

5.3CVSS5.6AI score0.00062EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/11 5:10 p.m.11 views

@hapi/inert has a static-file confinement bypass via sibling-prefix path

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

5.6AI score0.00062EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

4.8CVSS5.9AI score0.00131EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 1:34 a.m.9 views

EUVD-2026-12726

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.5 views

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

7.2CVSS6.8AI score0.03686EPSS
Exploits2References4
OSV
OSV
added 2020/07/29 5:15 p.m.4 views

DEBIAN-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

5.9CVSS6.3AI score0.00365EPSS
Exploits0References1
OSV
OSV
added 2020/07/15 12:0 p.m.2 views

UBUNTU-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

5.9CVSS6.6AI score0.00365EPSS
Exploits0References3
Rows per page
Query Builder