CVE-2026-28484

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-28484

...

CVE-2026-28484

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EUVD-2026-9929

OpenClaw versions prior to 2026.2.15 contain an option injection vulnerability in the git-hooks/pre-commit hook that allows attackers to stage ignored files by creating maliciously-named files beginning with dashes. The hook fails to use a -- separator when piping filenames through xargs to git...

CVE-2026-28484

OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...

PT-2026-23558

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description The software contains an option injection flaw in the git-hooks/pre-commit hook. This allows attackers to stage files that are normally ignored by creating files that begin with dashes. The hook...

EUVD-2021-1580

Malware in sbrugna...

CVE-2025-58373

Roo Code (editor-integrated AI coding agent) versions 3.25.23 and earlier contain a symlink-based bypass of the .rooignore protections. An attacker with write access to the workspace could trick the extension into reading files that should be excluded (for example, .env or other configuration dat...

vercel/serve allows access to restricted files if filename is URL encoded.

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

GHSA-5RC4-8QQH-VQ7F vercel/serve allows access to restricted files if filename is URL encoded.

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

CVE-2019-5437

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are = 0.29.0 and no fix was applied to our knowledge...

Information Exposure

Overview harp is a zero-configuration web server with built in pre-processing. Affected versions of this package are vulnerable to Information Exposure. The documentation explicitly mentions that files or directories with names that start with an underscore are ignored by the server and are not...

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

CVE-2018-3718

CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

PT-2018-16142 · Node.Js · Serve

Name of the Vulnerable Software and Affected Versions: serve node module affected versions not specified Description: The issue is related to improper handling of URL encoding, allowing access to ignored files if a filename is URL encoded. This can potentially lead to unauthorized access to...