Lucene search
K

8 matches found

OSV
OSV
added 2026/04/07 6:14 p.m.5 views

GHSA-WPC6-37G7-8Q4W OpenClaw: Shell init-file options could satisfy exec allowlist script matching

Summary Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...

7.3CVSS6.1AI score0.00118EPSS
Exploits0References5
NVD
NVD
added 2024/06/10 10:15 p.m.22 views

CVE-2024-37169

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3CVSS0.00529EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/06/10 9:35 p.m.73 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3CVSS0.00529EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/06/10 9:35 p.m.9 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3CVSS6.8AI score0.00529EPSS
Exploits0References5
OSV
OSV
added 2024/06/10 9:35 p.m.17 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3CVSS6.8AI score0.00529EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.3 views

URL to PNG Security Vulnerability

URL to PNG is an application by Jason Raimondi Personal Developer. A security vulnerability exists in URL to PNG prior to version 2.0.3, which originates from the ability to read arbitrary files via a file wrapper via Playwright's screenshot feature...

5.3CVSS6.7AI score0.00529EPSS
Exploits0References6
OSV
OSV
added 2024/06/05 1:29 p.m.10 views

GHSA-665W-MWRR-77Q3 Arbitrary file read via Playwright's screenshot feature exploiting file wrapper

Impact All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47 Patches v2.0.3 requires input url to be of protocol http or https Workarounds Requires upgrade. References - https://github.com/jasonraimondi/url-to-png/issues/47 -...

5.3CVSS5.2AI score0.00529EPSS
Exploits0References7
OSV
OSV
added 2019/05/14 3:29 p.m.15 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...

4.1CVSS6.8AI score0.01116EPSS
Exploits0References3
Rows per page
Query Builder