Lucene search
+L

110 matches found

NVD
NVD
added 2026/07/10 9:17 p.m.5 views

CVE-2026-58499

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...

8.2CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 8:53 p.m.9 views

CVE-2026-58499

EverOS is affected by a path-traversal vulnerability in the POST /api/v1/memory/add ingestion endpoint prior to version 1.0.1. The per-message sender_id was not validated as a path-safe identifier, unlike app_id/project_id, and is used as owner_id to build the filesystem path for persisting extra...

8.2CVSS6.1AI score0.00356EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 7:1 p.m.5 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 3:55 p.m.16 views

CVE-2026-58173

Vibe-Trading prior to 0.1.10 is affected by a path traversal vulnerability in which the memory_type value, supplied via the remember tool to the persistent memory store, enables writing files outside the intended memory root. This can allow an attacker to create arbitrary Markdown files at uninte...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 3:55 p.m.37 views

CVE-2026-58173 Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 3:55 p.m.6 views

EUVD-2026-40354

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/30 3:55 p.m.9 views

CVE-2026-58173 Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 7:16 p.m.11 views

CVE-2021-47963

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS0.00469EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.44 views

CVE-2021-47963 Anote 1.0 Persistent Cross-Site Scripting Leading to Code Execution

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS0.00469EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.11 views

CVE-2021-47963 Anote 1.0 Persistent Cross-Site Scripting Remote Code Execution

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS6.5AI score0.00469EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 6:36 p.m.19 views

CVE-2021-47963

CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...

7.2CVSS6.5AI score0.00469EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 6:36 p.m.10 views

EUVD-2021-34816

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS6.5AI score0.00469EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41342

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS6.5AI score0.00469EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.8 views

CVE-2026-44111

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 9:43 p.m.8 views

Cross-site Scripting (XSS)

Overview @jupyterlab/rendermime-extension is an A rendermime extension for JupyterLab Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitra...

9.3CVSS5.9AI score0.00386EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 9:43 p.m.11 views

Cross-site Scripting (XSS)

Overview @jupyterlab/rendermime-interfaces is a JupyterLab - Interfaces for Mime Renderers Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...

9.3CVSS5.9AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 9:31 p.m.20 views

EUVD-2026-28188

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/06 9:19 p.m.15 views

Permissive List of Allowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the memoryget function. An attacker can access arbitrary Markdown files within the workspace root by supplying crafted paths, thereby bypassing...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 8:16 p.m.34 views

CVE-2026-44111

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS0.00226EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 7:49 p.m.52 views

CVE-2026-44111 OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS0.00226EPSS
Exploits0References3
Rows per page
Query Builder