Lucene search
K

70 matches found

Veracode
Veracode
added 2026/05/16 5:18 a.m.17 views

Path Traversal

OpenClaw is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in isLikelyLocalPath and isValidMedia, where attackers can exploit incomplete checks and the allowBareFilename bypass to access files outside the intended sandbox, leading to disclosure of sensitive...

8.7CVSS5.8AI score0.00688EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.5 views

CVE-2023-31250

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

6.5CVSS6.7AI score0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.6 views

CVE-2019-11120

Insufficient path checking in the installer for IntelR Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.1AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.7 views

CVE-2024-2366

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...

9CVSS9.4AI score0.00662EPSS
Exploits1References1
OSV
OSV
added 2025/12/30 1:49 a.m.4 views

GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...

8.2CVSS6.6AI score0.00433EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/12/24 9:1 a.m.6 views

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

...

8.2CVSS7.7AI score0.00433EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.3, Apple macOS Tahoe prior to 26.1, and Apple macOS Sequoia prior to 15.7.3, which stems from insufficient pa...

5.5CVSS6.1AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.3 views

PT-2025-50994

Name of the Vulnerable Software and Affected Versions macOS Sonoma versions prior to 14.8.3 macOS Tahoe versions prior to 26.1 macOS Sequoia versions prior to 15.7.3 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive...

5.5CVSS6.4AI score0.00192EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-0895

Malware in sbrugna...

7.8CVSS7.7AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-2722

Malware in sbrugna...

7.8CVSS7.9AI score0.00818EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2824

Malware in sbrugna...

7.8CVSS7.6AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2005-0203

Malware in sbrugna...

5CVSS6AI score0.02856EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-17151

Malware in sbrugna...

6CVSS6.2AI score0.0028EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-10099

Malicious code in bioql PyPI...

7.7CVSS6.4AI score0.00737EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-6999

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01432EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-7283

Malicious code in bioql PyPI...

6.5CVSS9.1AI score0.00371EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-47055

Malicious code in bioql PyPI...

9.1CVSS9.3AI score0.00864EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-56990

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01854EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-27319

Malicious code in bioql PyPI...

9CVSS9.2AI score0.00662EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/17 8:29 a.m.12 views

CVE-2025-7641

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...

7.5CVSS7.2AI score0.00495EPSS
Exploits0References1
Rows per page
Query Builder