Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/10 5:31 p.m.25 views

CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS0.00114EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 5:31 p.m.13 views

`potato-annotation` has a Project-Boundary Bypass

Summary validatepathsecurity uses string-prefix containment startswith for boundary checks. This allows paths that are outside the intended project directory but share its prefix string e.g., /tmp/potatoprojdemoevil/... vs /tmp/potatoprojdemo to be accepted. Details Affected source location root...

5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/12 6:24 p.m.18 views

CVE-2026-32232

CVE-2026-32232 affects ZeptoClaw (pre-0.7.6). The vulnerability combines Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass, allowing workspace boundary bypass during path validation and subsequent I/O. The issue is fixed in 0.7.6. Affected behavior in...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 6:24 p.m.2 views

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

9.3CVSS5.8AI score0.00618EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/12 6:24 p.m.26 views

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

9.3CVSS0.00618EPSS
Exploits1References2
OSV
OSV
added 2026/03/12 6:24 p.m.7 views

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

9.3CVSS5.8AI score0.00618EPSS
Exploits1References4
Rows per page
Query Builder