255 matches found
Gotenberg: SSRF via LibreOffice document processing
Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...
Linux Distros Unpatched Vulnerability : CVE-2026-6047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handle...
PT-2026-49265
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
CVE-2026-41911
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
CVE-2026-41911
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
CVE-2026-41911
CVE-2026-41911 affects the OpenClaw project: OpenClaw prior to 2026.4.8 contains a filesystem policy bypass during docx upload processing that allows local file reads outside the workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the inte...
CVE-2026-41911
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...
OpenClaw 路径遍历漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained a path traversal vulnerability. This vulnerability stemmed from a bypass of the file system policies during the.docx upload processing, allowing attackers to read...
OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)
Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...
GHSA-5FC7-F62M-8983 OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)
Impact Feishu docx uploadfile/uploadimage Bypasses Workspace-Only Filesystem Policy GHSA-qf48-qfv4-jjm9 Incomplete Fix. Feishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks. OpenClaw is a user-controlled local assistant. This...
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Summary Feishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path. Impact A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions. Affected Component...
GHSA-QF48-QFV4-JJM9 OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Summary Feishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path. Impact A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions. Affected Component...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +50 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (>=0.9.2 <=2.0.3)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.document MAVEN version =0.9.2, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: OSV:GHSA-7JC7-G598-2P64...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...
XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +32 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document.docx (>=0.9.5 <=2.2.0)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.document.docx MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: SNYK:JAVA-FROPENSAGRESXDOCREPORT-1504671...