16857 matches found
GHSA-W235-X559-36MG OpenClaw: Docker container escape via unvalidated bind mount config injection
Summary A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. Affected Packages / Versions - Package: openclaw npm - Affected versions: =...
CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
UBUNTU-CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-22860
CVE-2026-22860 — Rack (Ruby Rack) Directory Traversal Rack::Directory is vulnerable because its path check uses a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root and enable directory listing outside of the intended root. This issue affects...
GHSA-83G3-92JG-28CX Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...
PT-2026-20964
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, potentially enabling container...
Important: firefox
Issue Overview: Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147, Firefox ESR 115.32, and Firefox ESR 140.7. CVE-2026-0877 Sandbox escape due to incorrec...
GO-2026-4456 Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering in github.com/mattermost/mattermost-plugin-confluence...
CLSA-2026-1771329952 Fix CVE(s): CVE-2025-13601
SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2025-13601.patch: Fix heap-based buffer overflow by correcting buffer size calculation in gescapeuristring - CVE-2025-13601...
nodejs: Nodejs file permissions bypass
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
nodejs: Nodejs file permissions bypass
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
PT-2026-31941
Name of the Vulnerable Software and Affected Versions Apache Log4j 1-to-Log4j 2 bridge versions prior to 2.25.4 Description The Log4j1XmlLayout component fails to escape characters forbidden by the XML 1.0 standard, resulting in malformed XML output. Because conforming XML parsers must reject...
Exploit for CVE-2025-4138
CVE-2025-4138 / CVE-2025-4517Python tarfile Filter Bypass via PA...
CVE-2026-26268
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...
Exploit for OS Command Injection in Docker
HATCH Host Access Testing for Container Hardening A com...