154 matches found
PT-2026-48939
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description Insufficient sanitization of the FileInfo.Name variable received from federated peers during shared...
Hermes Agent 授权问题漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.23 contained an authorization vulnerability. This vulnerability stemmed from issues with the syncanthropicentryfromcredentialsfile function in the Credential...
CVE-2026-41397 OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File Sync and Symlink Traversal
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...
EUVD-2026-26105
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...
CVE-2026-41397 OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File Sync and Symlink Traversal
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...
CVE-2026-41397
OpenClaw is affected: OpenClaw before 2026.3.31 has a sandbox escape vulnerability that lets an attacker bypass sandbox restrictions by crafting malicious symlinks during Mirror Sync/file synchronization, enabling traversal of directory boundaries. Affected component is the file synchronization/s...
CVE-2026-41397
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...
OpenClaw 后置链接漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had a post-link vulnerability due to a sandbox escape issue. This vulnerability could allow remote attackers to access arbitrary files by exploiting symbolic links during fil...
PT-2026-35781
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A sandbox escape allows attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafti...
CVE-2026-41179
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...
CVE-2026-20018
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
EUVD-2026-9456
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-20018
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-20018
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
CVE-2026-20018
Cisco Secure Firewall Management Center (FMC) and Cisco Secure Firewall Threat Defense (FTD) are affected by CVE-2026-20018 in the sftunnel functionality. The issue stems from insufficient directory-path validation during file synchronization, enabling an authenticated, remote attacker with admin...
PT-2026-23015
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...
QNAP Qsync Central 代码问题漏洞
QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...
[SECURITY] Fedora 41 Update: nextcloud-32.0.2-1.fc41
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 43 Update: nextcloud-32.0.2-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
Rsync 安全漏洞
Rsync is a fast and versatile file copying tool open-sourced by RsyncProject. It is used for remote files and local files. A security vulnerability exists in Rsync that stems from an out-of-bounds read of the heap buffer due to a negative array index, which could lead to information disclosure...