Lucene search
K

6 matches found

NVD
NVD
added last week9 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS0.0034EPSS
Exploits1References3
OSV
OSV
added last week4 views

CVE-2026-59924 Mistune: Arbitrary File Read via Include directive path traversal

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6.1AI score0.0034EPSS
Exploits1References5
EUVD
EUVD
added last week5 views

EUVD-2026-42337

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score0.0034EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:6 p.m.14 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 1:32 p.m.4 views

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References4
OSV
OSV
added 2026/03/11 1:32 p.m.8 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS6AI score0.00146EPSS
Exploits0References5
Rows per page
Query Builder