Lucene search
+L

137 matches found

cnnvd
cnnvd
added 2026/04/01 12:0 a.m.9 views

TinaCMS 安全漏洞

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of parsing symbolic link targets during the development of media routing, which could le...

8.3CVSS5.8AI score0.00408EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/01 12:0 a.m.22 views

PT-2026-29498

Name of the Vulnerable Software and Affected Versions Tina versions prior to 2.2.2 Description A path-traversal issue exists in Tina, a headless content management system, due to insufficient validation of file paths in the dev media routes. The implementation validates only the path string and...

8.3CVSS5.4AI score0.00408EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/03/20 7:11 a.m.12 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

5.1CVSS5.9AI score0.00379EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/03/19 10:16 p.m.7 views

CVE-2026-32020

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

5.5CVSS0.00131EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/19 10:6 p.m.3 views

CVE-2026-32020

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

4.8CVSS5.9AI score0.00131EPSS
Exploits0References4
euvd
euvd
added 2026/03/19 10:6 p.m.6 views

EUVD-2026-13288

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

4.8CVSS5.9AI score0.00131EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/19 10:6 p.m.23 views

CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

4.8CVSS0.00131EPSS
Exploits0References3
cve
cve
added 2026/03/19 10:6 p.m.12 views

CVE-2026-32020

OpenClaw is affected in versions prior to 2026.2.22 by a path traversal vulnerability in the static file handler that follows symbolic links, allowing reads of files outside the intended root when symlinks are placed under the Control UI root directory. The underlying issue is directory confineme...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References3Affected Software1
snyk
snyk
added 2026/03/18 6:13 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the pkgutil.getdata function. An attacker can access files and directories outside the intended root directory by supplying crafted input to the resource argument. Details A Directory Traversal attack also known ...

4.8CVSS6.5AI score0.00238EPSS
Exploits0References2
euvd
euvd
added 2026/03/07 12:30 a.m.7 views

EUVD-2026-10087

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

5.9AI score0.00201EPSS
Exploits0References5
osv
osv
added 2026/03/06 10:16 p.m.6 views

AZL-79532 CVE-2026-27139 affecting package golang 1.18.8-10

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS5.9AI score0.00201EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/03/06 10:16 p.m.5 views

CVE-2026-27139

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS7.3AI score0.00201EPSS
Exploits0References6
osv
osv
added 2026/03/06 9:28 p.m.2 views

CVE-2026-27139 FileInfo can escape from a Root in os

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS6.9AI score0.00201EPSS
Exploits0References7
osv
osv
added 2026/03/05 12:52 a.m.8 views

GHSA-QFFP-2RHF-9H96 tar has Hardlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in UnpackSTRIPABSOLUTEPATH chec...

8.2CVSS6AI score0.00408EPSS
Exploits2References4
ptsecurity
ptsecurity
added 2026/03/05 12:0 a.m.15 views

PT-2026-23608

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...

8.8CVSS5.9AI score0.00408EPSS
Exploits2References214
ptsecurity
ptsecurity
added 2026/03/03 12:0 a.m.6 views

PT-2026-27225

Summary ZIP extraction in OpenClaw could be raced into writing outside the intended destination directory via parent-directory symlink rebind between validation and write. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: = 2026.3.1 - Latest published vulnerable version...

8.7CVSS5.8AI score
Exploits0References7
nvd
nvd
added 2026/02/20 2:16 a.m.14 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS0.00288EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/20 1:7 a.m.6 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.6AI score0.00288EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/02/20 12:0 a.m.10 views

node-tar 路径遍历漏洞

node-tar is a software package for file compression/decompression developed by isaacs. Versions of node-tar 7.5.7 and earlier contained a path traversal vulnerability. This vulnerability stemmed from archive files that attackers could control, allowing them to create hard links to files outside t...

7.1CVSS6.7AI score0.00288EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.8 views

PT-2026-20374

Name of the Vulnerable Software and Affected Versions node-tar versions 7.5.7 and below node-tar version 7.5.8 Description The node-tar package contains a flaw where an attacker-controlled archive, when extracted using default options, can create a hardlink inside the extraction directory that...

8.8CVSS5.6AI score0.0034EPSS
Exploits1References222
Rows per page
Query Builder