101 matches found
CVE-2026-27625
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...
Stirling-PDF 安全漏洞
Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...
CVE-2026-32016
OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...
CVE-2026-32747
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...
CVE-2026-27523
OpenClaw OpenClaw prior to version 2026.2.24 contains a sandbox bind-validation bypass vulnerability. The issue lets a bind source path that uses a symlinked parent with a non-existent leaf circumvent allowed-root and blocked-path checks, causing the path to resolve outside the sandbox and weaken...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-28456
OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...
CVE-2026-28442
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
PT-2026-26414
A workspace-only file-system guard mismatch allowed @-prefixed absolute paths to bypass boundary validation in some tool path checks. Impact When tools.fs.workspaceOnly=true, certain @-prefixed absolute paths for example @/etc/passwd could be validated before canonicalization while runtime path...
OpenClaw has a LFI in BlueBubbles media path handling
Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...
Deno command injection vulnerability
Deno is a simple, modern, and secure JavaScript and TypeScript runtime environment developed by Deno itself. Versions of Deno prior to 2.5.6 contained a command injection vulnerability. This vulnerability stemmed from a comparison of file extensions that treated case differences differently, whic...
PT-2026-1562
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.5 Description The Frontend File Manager Plugin for WordPress did not properly check a file path and who owned the file. This allowed any logged-in user, even those with limited permissions like...
RiteCMS Improper Access Control Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...
CVE-2025-14273
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
EUVD-2025-201728
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...
CVE-2025-61318
CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...