Lucene search
K

200 matches found

OSV
OSV
added 2026/03/03 6:9 p.m.5 views

GHSA-7XHJ-55Q9-PC3M OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading

Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...

8.3CVSS6.2AI score0.00439EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-26011

Summary A path-confinement bypass in browser output handling allowed writes outside intended roots in openclaw versions up to and including 2026.3.1. The fix unifies root-bound, file-descriptor-verified write semantics and canonical path-boundary validation across browser output and related...

5.3CVSS5.8AI score0.0013EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.5 views

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

7.2CVSS6.8AI score0.03686EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/03/02 9:53 p.m.26 views

OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns

Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...

9.9CVSS5.9AI score0.00281EPSS
Exploits0References4Affected Software1
Grafana
Grafana
added 2026/02/25 12:0 a.m.13 views

Authorization bypass in Grafana datasource deletion

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00175EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/17 4:43 p.m.12 views

OpenClaw has an arbitrary transcript path file write via gateway sessionFile

Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...

8.1CVSS6.7AI score0.00363EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:2 p.m.8 views

pnpm has symlink traversal in file:/git dependencies

Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...

6.7CVSS6.1AI score0.00469EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-25897

Name of the Vulnerable Software and Affected Versions Ubuntu 16.04 LTS affected versions not specified Ubuntu 18.04 LTS affected versions not specified Ubuntu 20.04 LTS versions prior to 2.67.1+20.04ubuntu1esm1 Ubuntu 22.04 LTS affected versions not specified Ubuntu 24.04 LTS versions prior to...

7.8CVSS8.5AI score0.00383EPSS
Exploits6References139
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-1475

Malware in sbrugna...

7.2CVSS4.3AI score0.00459EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-18305

Malware in sbrugna...

8.8CVSS8.6AI score0.00385EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-1474

Malware in sbrugna...

4.6CVSS4.3AI score0.0037EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-680656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680656 advisory. A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for...

6.3CVSS6.9AI score0.00493EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-33996

Malicious code in bioql PyPI...

8.2CVSS8AI score0.00437EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2025/09/04 4:8 a.m.6 views

Cri-o: pods are able to break out of resource confinement on cgroupv2

...

7.5CVSS7AI score0.00859EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2021-3631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled...

6.3CVSS6.8AI score0.00493EPSS
Exploits1References3
Veracode
Veracode
added 2024/08/05 7:43 a.m.16 views

Incorrect Permission Assignment For Critical Resource

github.com/snapcore/snapd is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to the improper restriction of writes to the $HOME/bin path. An attacker can execute arbitrary scripts outside of the expected snap sandbox, potentially allowing them to esca...

8.2CVSS7.2AI score0.00306EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/25 9:31 p.m.17 views

snapd failed to restrict writes to the $HOME/bin path

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.2AI score0.00306EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/07/25 9:31 p.m.21 views

GHSA-4MH8-9689-38VR snapd failed to restrict writes to the $HOME/bin path

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

6.3CVSS6.9AI score0.00306EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2024/07/25 8:0 p.m.20 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7AI score0.00306EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/07/25 7:5 p.m.58 views

CVE-2024-1724 snapd allows $HOME/bin symlink

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

6.3CVSS0.00306EPSS
Exploits1References3
Rows per page
Query Builder