902 matches found
CVE-2026-62229
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
EUVD-2026-45117
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
CVE-2026-62229 OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
CVE-2026-62229
OpenClaw prior to 2026.5.18 contains an authorization bypass in exec allowlist glob matching. This allows lower-trust callers to execute actions beyond intended authorization by crafting input paths that traverse the allowlist glob patterns when the affected feature is enabled. According to the C...
CVE-2026-62229 OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
CVE-2026-61432
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
EUVD-2026-42898
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
CVE-2026-61432 PraisonAI FastContext before 1.6.78 Path Traversal
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
RLSA-2026:30860 Important: perl-IO-Compress security update
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...
CVE-2026-59094
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
EUVD-2026-41425
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
CVE-2026-59094
Affected software: Pathway, affected up to v0.31.1. Vulnerability: document store applies a caller-supplied glob pattern to indexed document paths via a hand-written recursive matcher that branches on each ** token without memoization, yielding exponential worst-case complexity. The pattern from ...
CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
CVE-2026-59094
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
RLSA-2026:30859 Important: perl-IO-Compress security update
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...
perl-IO-Compress security update
An update is available for perl-IO-Compress. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This distribution provides a Perl interface to allow reading and...
RHEL 10 : perl-IO-Compress (RHSA-2026:30860)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30860 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...
Important: Red Hat Security Advisory: perl-IO-Compress security update
An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...