Lucene search
K

255 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 1:4 p.m.8 views

Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handle...

6.9CVSS6.3AI score0.0012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49265

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.6 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 7:37 p.m.11 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS0.00326EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.5 views

CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:10 p.m.16 views

CVE-2026-41911

CVE-2026-41911 affects the OpenClaw project: OpenClaw prior to 2026.4.8 contains a filesystem policy bypass during docx upload processing that allows local file reads outside the workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the inte...

6.5CVSS5.3AI score0.00326EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.4 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 6:10 p.m.33 views

CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

OpenClaw 路径遍历漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained a path traversal vulnerability. This vulnerability stemmed from a bypass of the file system policies during the.docx upload processing, allowing attackers to read...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/09 5:36 p.m.12 views

OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)

Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...

6.5CVSS5.9AI score0.00326EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/09 5:36 p.m.7 views

GHSA-5FC7-F62M-8983 OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)

Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...

2.1CVSS5.8AI score0.00326EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/31 11:53 p.m.14 views

OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image

Summary Feishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path. Impact A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions. Affected Component...

6.5CVSS6AI score0.00339EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/31 11:53 p.m.3 views

GHSA-QF48-QFV4-JJM9 OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image

Summary Feishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path. Impact A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions. Affected Component...

6CVSS6AI score0.00339EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/18 4:29 p.m.289 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

7.8CVSS7AI score0.70721EPSS
Exploits8
vulnersOsv
vulnersOsv
added 2026/01/20 6:31 p.m.8 views

br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +50 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (>=0.9.2 <=2.0.3)

fr.opensagres.xdocreport:fr.opensagres.xdocreport.document MAVEN version =0.9.2, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: OSV:GHSA-7JC7-G598-2P64...

9.8CVSS5.7AI score0.00492EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/20 6:31 p.m.9 views

br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)

fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...

9.8CVSS5.7AI score0.00504EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/01/20 6:31 p.m.8 views

XDocReport affected by an XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

9.8CVSS6AI score0.00492EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2026/01/20 4:16 p.m.9 views

CVE-2025-65482

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

9.8CVSS0.00492EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2026/01/20 3:44 p.m.7 views

br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +32 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document.docx (>=0.9.5 <=2.2.0)

fr.opensagres.xdocreport:fr.opensagres.xdocreport.document.docx MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: SNYK:JAVA-FROPENSAGRESXDOCREPORT-1504671...

9.8CVSS5.7AI score0.00492EPSS
Exploits1
Rows per page
Query Builder