70 matches found
Path Traversal
OpenClaw is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in isLikelyLocalPath and isValidMedia, where attackers can exploit incomplete checks and the allowBareFilename bypass to access files outside the intended sandbox, leading to disclosure of sensitive...
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2019-11120
Insufficient path checking in the installer for IntelR Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-2366
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...
GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.3, Apple macOS Tahoe prior to 26.1, and Apple macOS Sequoia prior to 15.7.3, which stems from insufficient pa...
PT-2025-50994
Name of the Vulnerable Software and Affected Versions macOS Sonoma versions prior to 14.8.3 macOS Tahoe versions prior to 26.1 macOS Sequoia versions prior to 15.7.3 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive...
EUVD-2019-0895
Malware in sbrugna...
EUVD-2018-2722
Malware in sbrugna...
EUVD-2019-2824
Malware in sbrugna...
EUVD-2005-0203
Malware in sbrugna...
EUVD-2017-17151
Malware in sbrugna...
EUVD-2025-10099
Malicious code in bioql PyPI...
EUVD-2021-6999
Malicious code in bioql PyPI...
EUVD-2025-7283
Malicious code in bioql PyPI...
EUVD-2024-47055
Malicious code in bioql PyPI...
EUVD-2023-56990
Malicious code in bioql PyPI...
EUVD-2024-27319
Malicious code in bioql PyPI...
CVE-2025-7641
The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...