Lucene search
K

439 matches found

OSV
OSV
added 2026/03/03 6:54 p.m.6 views

GHSA-VMQR-RC7X-3446 OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints

When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.10 views

PT-2026-26392

Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...

7.3CVSS5.8AI score0.00286EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/23 6:48 a.m.8 views

ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems

A vulnerability for an integer overflow has been identified in the ImageMagick image processing software suite on 32-bit systems with non-default resource limits. An attacker can exploit this flaw by providing a specially crafted malicious image file BMP format for processing. Successful...

7.5CVSS5.7AI score0.00738EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/07 1:23 a.m.7 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 12:30 a.m.5 views

EUVD-2026-5525

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:14 p.m.8 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.5 views

openSUSE 15 Security Update : python-python-multipart (SUSE-SU-2026:0307-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0307-1 advisory. - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Tenable has extracted the preceding description block direct...

8.6CVSS5.5AI score0.02228EPSS
Exploits5References4
OSV
OSV
added 2026/01/28 4:7 p.m.3 views

OPENSUSE-SU-2026:20125-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References2
OSV
OSV
added 2026/01/28 4:3 p.m.9 views

SUSE-SU-2026:20188-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References3
SUSE Linux
SUSE Linux
added 2026/01/27 4:37 p.m.5 views

Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.8CVSS5.9AI score0.02228EPSS
Exploits5References4
OSV
OSV
added 2026/01/27 4:36 p.m.3 views

SUSE-SU-2026:0307-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References3
OSV
OSV
added 2026/01/27 12:34 a.m.6 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6CVSS6AI score0.02228EPSS
Exploits5References16
Vulnrichment
Vulnrichment
added 2026/01/27 12:34 a.m.9 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6CVSS6AI score0.02228EPSS
Exploits5References3
Cvelist
Cvelist
added 2026/01/27 12:34 a.m.46 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6CVSS0.02228EPSS
Exploits5References3
CVE
CVE
added 2026/01/27 12:34 a.m.109 views

CVE-2026-24486

CVE-2026-24486 affects the Python-Multipart project. Prior to 0.0.22, non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True allow path traversal enabling writing uploaded files to arbitrary filesystem locations. Mitigation is upgrading to 0.0.22 or avoiding UPLOAD_KEEP_FILENA...

8.6CVSS6AI score0.02228EPSS
Exploits5References14Affected Software1
OSV
OSV
added 2026/01/26 11:28 p.m.10 views

GHSA-WP53-J4WJ-2CFG Python-Multipart has Arbitrary File Write via Non-Default Configuration

Summary A Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Details When UPLOADDIR is set and UPLOADKEEPFILENAME is...

8.6CVSS6AI score0.02228EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002626 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...

6.2CVSS6.8AI score0.00557EPSS
Exploits0References31
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001042)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001042 advisory. fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption ...

6.2CVSS6.8AI score0.00557EPSS
Exploits0References31
NVD
NVD
added 2026/01/13 11:16 p.m.4 views

CVE-2026-0716

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

4.8CVSS0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/13 11:7 p.m.1 views

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

4.8CVSS6.1AI score0.00257EPSS
Exploits0References3
Rows per page
Query Builder