11 matches found
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601
CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...
PT-2026-53247
Name of the Vulnerable Software and Affected Versions Yelp affected versions not specified Description A flaw exists due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI porta...
CVE-2026-56692
Vulnerability summary (CVE-2026-56692): NanoClaw prior to 2.1.17 contains a symlink-following flaw in forwardAttachedFiles that can exfiltrate host-readable files. The host validates attachments with isSafeAttachmentName, then copies via fs.copyFileSync, which follows symlinks without containment...
EUVD-2026-38464
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...
ViewVC 路径遍历漏洞
ViewVC is ViewVC open source a Web-based CVS, SVN code repository browsing tool. A path traversal vulnerability exists in ViewVC versions 1.1.0 to 1.1.31 and 1.2.0 to 1.2.3, which stems from a directory traversal in the standalone.py script, which could lead to the disclosure of the contents of t...
SUSE CVE-2011-2178
The virSecurityManagerGetPrivateData function in security/securitymanager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary...
GE MDS PulseNET and MDS PulseNET Enterprise Directory Traversal Vulnerability
GE MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric GE.GE MDS PulseNET is a suite of network management software designed specifically for radio communication systems.MDS PulseNET Enterprise is its enterprise version. A directory traversal vulnerability exists in GE...
openstack-glance: Glance v2 API host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...
openstack-cinder: Host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Block Storage cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host...