439 matches found
GHSA-VMQR-RC7X-3446 OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints
When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...
PT-2026-26392
Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...
ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems
A vulnerability for an integer overflow has been identified in the ImageMagick image processing software suite on 32-bit systems with non-default resource limits. An attacker can exploit this flaw by providing a specially crafted malicious image file BMP format for processing. Successful...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
EUVD-2026-5525
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
openSUSE 15 Security Update : python-python-multipart (SUSE-SU-2026:0307-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0307-1 advisory. - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Tenable has extracted the preceding description block direct...
OPENSUSE-SU-2026:20125-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...
SUSE-SU-2026:20188-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...
Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:0307-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...
CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...
CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...
CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...
CVE-2026-24486
CVE-2026-24486 affects the Python-Multipart project. Prior to 0.0.22, non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True allow path traversal enabling writing uploaded files to arbitrary filesystem locations. Mitigation is upgrading to 0.0.22 or avoiding UPLOAD_KEEP_FILENA...
GHSA-WP53-J4WJ-2CFG Python-Multipart has Arbitrary File Write via Non-Default Configuration
Summary A Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Details When UPLOADDIR is set and UPLOADKEEPFILENAME is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002626)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002626 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001042)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001042 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...
CVE-2026-0716
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...
CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...