15 matches found
PT-2026-29478
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this...
CVE-2026-32015
OpenClaw versions 2026.1.21 up to 2026.2.19 are affected by a path hijacking vulnerability in tools.exec.safeBins that lets an attacker influence gateway process PATH or launch environment to execute trojan binaries with allowlisted names (e.g., jq). The root cause is improper PATH resolution tha...
CVE-2026-32015
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan...
Authentication Bypass Using an Alternate Path or Channel
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the /api/channels gateway-auth. An attacker can gain unauthorized access to protected plugin channel APIs by exploiting a...
CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (`//`) prefix in the gateway_path. A malicious or socially engineered administrator can configure a...
CVE-2025-9909
The CVE-2025-9909 issue affects Red Hat Ansible Automation Platform Gateway route creation: improper gateway_path handling allows an attacker with admin privileges to create misleading routes (double-slash prefix) to intercept credentials, potentially enabling persistent backdoors. It is describe...
Red Hat Ansible Automation Platform Security Vulnerability
Red Hat Ansible Automation Platform (Red Hat AAP) is a unified solution for enabling strategic automation from Red Hat, Inc. A security vulnerability exists in Red Hat Ansible Automation Platform (Red Hat AAP) that stems from improper validation of the aap-gateway path, which could result in reading...
BIT-MLFLOW-2025-52967
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
CVE-2025-52967
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
Server-side Request Forgery (SSRF)
Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of th...
PYSEC-2025-52
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
CVE-2025-52967
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
CVE-2025-52967
MLflow prior to 3.1.0 is affected by a gateway_proxy_handler issue that lacks gateway_path validation, enabling potential SSRF via gateway routes. The CVE-2025-52967 description specifies a missing validation in gateway_proxy_handler, with CVSSv3.1 vector indicating network attack, low complexity...
MLflow Code Issue Vulnerability
MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A code issue vulnerability exists in MLflow versions prior to 3.1.0 that stems from a missing...
CVE-2025-52967
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...