Lucene search
K

1870 matches found

Debian CVE
Debian CVE
added 2026/04/06 7:38 a.m.6 views

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

5.5CVSS5.2AI score0.00164EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.3 views

PT-2026-30768

Name of the Vulnerable Software and Affected Versions Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description Vite, a frontend tooling framework for JavaScript, had a flaw where the server.fs check was not enforced for the fetchModule method exposed in the Vite dev server’s WebSocket. If ...

8.2CVSS6.2AI score0.02907EPSS
Exploits3References14
CVE
CVE
added 2026/04/05 2:45 p.m.14 views

CVE-2026-5574

The CVE-2026-5574 entry concerns Technostrobe HI-LED-WR120-G2 (firmware 5.5.0.1R6.03.30). Affected component: FsBrowseClean, function deletefile. Description indicates that manipulating the dir/path argument can bypass authorization, enabling potential remote attack. Public disclosure of exploits...

9.1CVSS6.2AI score0.00544EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/05 2:16 p.m.5 views

CVE-2026-5571

A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack...

7.5CVSS0.00475EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/05 1:45 p.m.27 views

CVE-2026-5571 Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure

A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack...

6.9CVSS0.00475EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.8 views

PT-2026-30442

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A weakness exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. This impacts an unknown function within the /fs file. Manipulation of the cwd argument can lead to...

9.8CVSS6.9AI score0.0052EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.41 views

Technostrobe HI-LED-WR120-G2 访问控制错误漏洞

Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. The version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains an access control vulnerability. This vulnerability stems from incorrect handling of parameters in the /...

7.5CVSS6AI score0.00475EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/03 2:58 p.m.3 views

CVE-2026-23419

A flaw was found in the Linux kernel's net/rds module. This vulnerability involves a circular locking dependency within the rdstcptune function. The issue arises when the sknetrefcntupgrade function performs memory allocation while a socket lock is held, creating a deadlock with the fsreclaim loc...

5.5CVSS5.9AI score0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/03 1:24 p.m.23 views

CVE-2026-23419 net/rds: Fix circular locking dependency in rds_tcp_tune

In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...

7.5CVSS0.00175EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:42 p.m.8 views

Security Bulletin: IBM Langflow Desktop Symlink Validation Bypass

Summary tar-fs is used by IBM Langflow Desktop as part of its archive extraction and file handling functionality through Node.js dependencies. A vulnerability in tar-fs affects how symbolic links are validated during extraction, allowing a crafted tarball to bypass symlink protections when the...

8.7CVSS6.6AI score0.00516EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/04/01 11:37 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the IO::FS::WRITE function. An attacker can write arbitrary files to unintended locations on the filesystem with attacker-controlled content by supplying crafted filenames containing traversal sequences, which ar...

8.8CVSS6.3AI score0.00514EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 11:37 p.m.4 views

GHSA-J6V5-G24H-VG4J Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites

Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...

8.1CVSS6.6AI score0.00514EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/01 11:37 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the IO::FS::WRITE function. An attacker can write arbitrary files to unintended locations on the filesystem with attacker-controlled content by supplying crafted filenames containing traversal sequences, which ar...

8.8CVSS6.3AI score0.00514EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/31 12:31 p.m.8 views

Duplicate Advisory: OpenClaw: Sandbox `writeFile` commit could race outside the validated path

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xvx8-77m6-gwg6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step tha...

6.3CVSS5.8AI score0.00078EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/31 12:31 p.m.9 views

EUVD-2026-17383

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox...

6.3CVSS5.9AI score0.00078EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 12:16 p.m.15 views

CVE-2026-32977

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox...

6.3CVSS0.00078EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 11:17 a.m.2 views

CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:17 a.m.2 views

CVE-2026-32988

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 11:17 a.m.26 views

CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS0.0008EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 11:17 a.m.10 views

CVE-2026-32988

OpenClaw before 2026.3.11 contains a sandbox boundary bypass in fs-bridge staged writes: temporary file creation and population are not pinned to a verified parent directory, enabling a race between parent-path alias changes and the final guarded replace step. This could allow attacker-controlled...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder