1870 matches found
CVE-2026-31410
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...
PT-2026-30768
Name of the Vulnerable Software and Affected Versions Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description Vite, a frontend tooling framework for JavaScript, had a flaw where the server.fs check was not enforced for the fetchModule method exposed in the Vite dev server’s WebSocket. If ...
CVE-2026-5574
The CVE-2026-5574 entry concerns Technostrobe HI-LED-WR120-G2 (firmware 5.5.0.1R6.03.30). Affected component: FsBrowseClean, function deletefile. Description indicates that manipulating the dir/path argument can bypass authorization, enabling potential remote attack. Public disclosure of exploits...
CVE-2026-5571
A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack...
CVE-2026-5571 Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure
A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack...
PT-2026-30442
Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A weakness exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. This impacts an unknown function within the /fs file. Manipulation of the cwd argument can lead to...
Technostrobe HI-LED-WR120-G2 访问控制错误漏洞
Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. The version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains an access control vulnerability. This vulnerability stems from incorrect handling of parameters in the /...
CVE-2026-23419
A flaw was found in the Linux kernel's net/rds module. This vulnerability involves a circular locking dependency within the rdstcptune function. The issue arises when the sknetrefcntupgrade function performs memory allocation while a socket lock is held, creating a deadlock with the fsreclaim loc...
CVE-2026-23419 net/rds: Fix circular locking dependency in rds_tcp_tune
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...
Security Bulletin: IBM Langflow Desktop Symlink Validation Bypass
Summary tar-fs is used by IBM Langflow Desktop as part of its archive extraction and file handling functionality through Node.js dependencies. A vulnerability in tar-fs affects how symbolic links are validated during extraction, allowing a crafted tarball to bypass symlink protections when the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the IO::FS::WRITE function. An attacker can write arbitrary files to unintended locations on the filesystem with attacker-controlled content by supplying crafted filenames containing traversal sequences, which ar...
GHSA-J6V5-G24H-VG4J Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites
Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the IO::FS::WRITE function. An attacker can write arbitrary files to unintended locations on the filesystem with attacker-controlled content by supplying crafted filenames containing traversal sequences, which ar...
Duplicate Advisory: OpenClaw: Sandbox `writeFile` commit could race outside the validated path
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xvx8-77m6-gwg6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step tha...
EUVD-2026-17383
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox...
CVE-2026-32977
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox...
CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...
CVE-2026-32988
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...
CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...
CVE-2026-32988
OpenClaw before 2026.3.11 contains a sandbox boundary bypass in fs-bridge staged writes: temporary file creation and population are not pinned to a verified parent directory, enabling a race between parent-path alias changes and the final guarded replace step. This could allow attacker-controlled...