CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2026/03/12 12:0 a.m.•1 views

OpenClaw Arbitrary File Read Vulnerability (CNVD-2026-13555)

OpenClaw is a tool for configuration management that supports loading external configuration files via the include directive. An arbitrary file read vulnerability exists in OpenClaw. An attacker can use this vulnerability to read sensitive files, such as API keys and credentials, outside of the...

NVD•added 2026/03/11 2:16 p.m.•0 views

Exploits0References1

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS0.00018EPSS

OSV•added 2026/03/11 2:16 p.m.•2 views

CVE-2026-32061

6.7CVSS5.9AI score

Vulnrichment•added 2026/03/11 1:32 p.m.•2 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

Cvelist•added 2026/03/11 1:32 p.m.•22 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

6.7CVSS0.00018EPSS

ATTACKERKB•added 2026/03/11 1:32 p.m.•1 views

CVE-2026-32061

EUVD•added 2026/03/11 1:32 p.m.•3 views

Exploits0References4

EUVD-2026-11152

CVE•added 2026/03/11 1:32 p.m.•5 views

CVE-2026-32061

OpenClaw vulnerability CVE-2026-32061 affects OpenClaw versions prior to 2026.2.17, where the include directive resolution is susceptible to a path traversal that allows reading arbitrary local files outside the config directory boundary. Exploitation requires config modification privileges and c...

Exploits0References3Affected Software1

CNNVD•added 2026/03/11 12:0 a.m.•3 views

OpenClaw 路径遍历漏洞

NVD•added 2026/03/10 9:16 p.m.•0 views

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS0.00021EPSS

EUVD•added 2026/03/10 8:25 p.m.•0 views

EUVD-2026-10873

OSV•added 2026/03/10 8:25 p.m.•2 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

8.7CVSS5.8AI score0.00021EPSS

Exploits1References6

Vulnrichment•added 2026/03/10 8:25 p.m.•1 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

Github Security Blog•added 2026/03/10 1:4 a.m.•3 views

liquidjs has a path traversal fallback vulnerability

Impact The layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the default. This poses a security risk when malicious users are allowed to control the template...

Exploits1References6Affected Software1

OSV•added 2026/03/10 1:4 a.m.•3 views

GHSA-WMFP-5Q7X-987X liquidjs has a path traversal fallback vulnerability

8.7CVSS5.8AI score0.00021EPSS

Exploits1References6

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24182

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.0 Description The layout, render, and include tags are susceptible to arbitrary file access through absolute paths. This can occur when paths are provided as string literals or through Liquid variables,...

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Exploits1References7

liquidjs 路径遍历漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.0 had a path traversal vulnerability. This vulnerability stems from the layout, render, and include tags allowing access to arbitrary files via absolute...