PT-2026-31979

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...

Arbitrary Argument Injection

Overview skilleton is a Skills skeleton: deterministic AI skill dependency manager Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of repository and path input in the normalizeRepoUrl function. An attacker can cause unsafe or inefficient...

CVE-2026-35613

CVE-2026-35613 affects coursevault-preview prior to 0.1.1. The issue arises from a boundary check that uses String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary, permitting a path traversal via a client-controlled relativePath. An attacker could r...

CVE-2026-5627

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

PT-2026-30759

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

GHSA-P224-6X5R-FJPM Ory Oathkeeper has a path traversal authorization bypass

Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences e.g. /public/../admin/secrets that resolves to a protected path after normalization, but is matched against a permissive rule because the ra...

EUVD-2026-10542

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVE-2026-30930

CVE-2026-30930 affects Glances prior to version 4.5.1. The TimescaleDB export module builds SQL queries by concatenating unsanitized system-monitoring data. The normalize() function wraps values in single quotes but does not escape embedded quotes, allowing SQL injection via attacker-controlled d...

Glances has SQL Injection via Process Names in TimescaleDB Export

Summary The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as...

Incorrect Comparison Logic Granularity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity due to the normalizeForHash function. An attacker can cause stale sandbox containers to be reused by modifying the order of primitive values in...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-2.el7, rh-nodejs14-nodejs-14.17.2-1.el7 (AXSA:2021-2260:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2260:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

CVE-2023-54021

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Besides we should assure goal start is in rang...

CVE-2023-54021 ext4: set goal start correctly in ext4_mb_normalize_request

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Besides we should assure goal start is in rang...

CVE-2023-54021 ext4: set goal start correctly in ext4_mb_normalize_request

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Besides we should assure goal start is in rang...

PT-2025-52978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue was identified in the Linux kernel related to the ext4 filesystem. The problem involves incorrectly setting the goal start in the ext4 mb normalize request function. Specificall...

Exploit for Deserialization of Untrusted Data in Facebook React

$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...

CVE-2024-51317

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the domnodenormalize function...

CVE-2024-51317

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the domnodenormalize function...

PT-2025-44763

Name of the Vulnerable Software and Affected Versions Netsurf version 3.11 Description An issue in NetSurf allows a remote attacker to execute arbitrary code via the dom node normalize function. Recommendations At the moment, there is no information about a newer version that contains a fix for...

NetSurf 安全漏洞

NetSurf is a lightweight browser from the NetSurf organization. A security vulnerability exists in NetSurf version 3.11, which stems from a flaw in the domnodenormalize function that could lead to the execution of arbitrary code...