Lucene search
K

10 matches found

NVD
NVD
added 2026/07/06 9:16 p.m.12 views

CVE-2026-57571

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS0.00502EPSS
Exploits1References2
OSV
OSV
added 2026/06/27 12:12 a.m.7 views

GHSA-72R4-9C5J-MJ57 pnpm: `patch-remove` could delete project-selected files outside the patches directory

Summary The patch-remove deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This patch validates the...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/19 5:45 p.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...

6.5CVSS6AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.31 views

PT-2026-50823

Name of the Vulnerable Software and Affected Versions armeria-xds versions 1.38.0 through 1.39.0 Description DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...

5.9CVSS6AI score0.00198EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/04/23 8:39 p.m.2 views

CVE-2026-6941

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...

6.9CVSS5.9AI score0.00198EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32020

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/17 4:43 p.m.12 views

OpenClaw has an arbitrary transcript path file write via gateway sessionFile

Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...

8.1CVSS6.7AI score0.00363EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2020/04/10 12:37 a.m.19 views

Privilege Escalation

systemtap is vulnerable to privilege escalation. A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group and hence root, bypassing directory confinement restrictions and allowing them to insert arbitrar...

6.3CVSS4.5AI score0.00257EPSS
Exploits1References10Affected Software1
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.19 views

CentOS Update for systemtap CESA-2009:0373 centos4 i386

Check for the Version of systemtap OpenVAS Vulnerability Test CentOS Update for systemtap CESA-2009:0373 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

6.9CVSS6.4AI score0.00257EPSS
Exploits1References2
Cent OS
Cent OS
added 2009/03/26 5:22 p.m.65 views

systemtap security update

CentOS Errata and Security Advisory CESA-2009:0373 Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation...

6.3CVSS5.9AI score0.00257EPSS
Exploits1References8
Rows per page
Query Builder