Lucene search
+L

242 matches found

Wolfi
Wolfi
added 2026/04/11 2:51 a.m.11 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: victoriametrics, pluto, newrelic-k8s-metadata-injection, aws-network-policy-agent, tailscale, ingress-nginx-controller, mountpoint-s3-csi-driver, smarter-device-manager, hubble, flux-notification-controller, flux-image-automation-controller, external-secrets-operator...

5.3AI score
Exploits0
NVD
NVD
added 2026/04/01 4:23 p.m.7 views

CVE-2026-34510

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS0.00319EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.10 views

PT-2026-29545

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/26 7:7 p.m.8 views

OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Summary Windows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

7.6CVSS5.8AI score0.0026EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/26 7:7 p.m.3 views

GHSA-H3X4-HC5V-V2GM OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Summary Windows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References8
OSV
OSV
added 2026/03/26 6:31 p.m.19 views

GHSA-HGGM-X7R9-MM7V OpenClaw is vulnerable to Path Traversal through path validation bypass

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS6AI score0.00688EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.7 views

CVE-2026-32750

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS5.9AI score0.00431EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 6:19 p.m.6 views

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/19 9:15 p.m.29 views

CVE-2026-32750 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS0.00431EPSS
Exploits1References3
CVE
CVE
added 2026/03/19 9:15 p.m.23 views

CVE-2026-32750

CVE-2026-32750 (SiYuan) affects SiYuan versions 3.6.0 and earlier. The vulnerability occurs in POST /api/import/importStdMd, where the localPath parameter is passed directly to model.ImportFromLocalPath without path validation. The function recursively reads every file under the provided path and...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 9:15 p.m.4 views

CVE-2026-32750 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS5.9AI score0.00431EPSS
Exploits1References3
OSV
OSV
added 2026/03/19 9:15 p.m.7 views

CVE-2026-32750 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS5.9AI score0.00431EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/16 6:47 p.m.6 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties through the importStdMd import process in kernel/api/import.go. An attacker can import data from sensitive or unintended local paths and potentially access or expose local files by...

8.2CVSS5.8AI score0.00431EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/16 6:47 p.m.7 views

SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

Summary POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/16 6:47 p.m.5 views

GHSA-RJHH-M223-9QQV SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

Summary POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2026/03/16 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie...

4.3CVSS5.8AI score0.56366EPSS
In wildExploits24References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25825

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue where the POST request to the /api/import/importStdMd endpoint directly passes the localPath parameter to the model.ImportFromLocalPath...

6.8CVSS5.9AI score0.00431EPSS
Exploits1References9
CVE
CVE
added 2026/02/25 10:49 a.m.43 views

CVE-2025-62878

The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...

9.9CVSS5.5AI score0.00581EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 10:49 a.m.4 views

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

9.9CVSS5.5AI score0.00581EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 10:49 a.m.27 views

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

9.9CVSS0.00581EPSS
Exploits1References2
Rows per page
Query Builder