5 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53194
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size...
EUVD-2026-36116
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...
@evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
Summary The evolver fetch subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When --out is not used, the path-sanitizing regex permits . characters, allowing a skillid of .. to escape the skills/ subdirectory and resolve to the user's...
CVE-2026-43567 OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter
OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...
OpenClaw: screen_record outPath bypassed workspace-only filesystem guard
Summary screenrecord outPath bypassed workspace-only filesystem guard. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...