Lucene search
K

101 matches found

NVD
NVD
added 2026/03/20 9:16 a.m.17 views

CVE-2026-27625

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS0.00462EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.14 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

8.1CVSS5.8AI score0.00462EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32016

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

7.3CVSS5.9AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 9:17 p.m.6 views

CVE-2026-32747

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...

6.8CVSS0.00411EPSS
Exploits1References3
CVE
CVE
added 2026/03/18 1:34 a.m.52 views

CVE-2026-27523

OpenClaw OpenClaw prior to version 2026.2.24 contains a sandbox bind-validation bypass vulnerability. The issue lets a bind source path that uses a symlinked parent with a non-existent leaf circumvent allowed-root and blocked-path checks, causing the path to resolve outside the sandbox and weaken...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/10 9:2 p.m.13 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.2CVSS5.9AI score0.00108EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 9:2 p.m.6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.2CVSS5.9AI score0.00108EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 9:2 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.2CVSS5.8AI score0.00108EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 10:16 p.m.5 views

CVE-2026-28456

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

8.6CVSS0.00405EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 9:16 p.m.9 views

CVE-2026-28442

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS0.00304EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/03 12:0 a.m.7 views

Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.18 views

PT-2026-26414

A workspace-only file-system guard mismatch allowed @-prefixed absolute paths to bypass boundary validation in some tool path checks. Impact When tools.fs.workspaceOnly=true, certain @-prefixed absolute paths for example @/etc/passwd could be validated before canonicalization while runtime path...

6CVSS5.9AI score0.00335EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/18 5:44 p.m.9 views

OpenClaw has a LFI in BlueBubbles media path handling

Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...

8.2CVSS5.7AI score0.00292EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.5 views

Deno command injection vulnerability

Deno is a simple, modern, and secure JavaScript and TypeScript runtime environment developed by Deno itself. Versions of Deno prior to 2.5.6 contained a command injection vulnerability. This vulnerability stemmed from a comparison of file extensions that treated case differences differently, whic...

9.8CVSS5.8AI score0.00619EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.10 views

PT-2026-1562

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.5 Description The Frontend File Manager Plugin for WordPress did not properly check a file path and who owned the file. This allowed any logged-in user, even those with limited permissions like...

7.7CVSS6.5AI score0.00194EPSS
Exploits0References4
CNVD
CNVD
added 2025/12/25 12:0 a.m.3 views

RiteCMS Improper Access Control Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...

7.5CVSS5.9AI score0.00687EPSS
Exploits1References1
NVD
NVD
added 2025/12/22 12:16 p.m.6 views

CVE-2025-14273

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

8.3CVSS0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 12:0 a.m.5 views

EUVD-2025-201728

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

5.3CVSS6.8AI score0.00637EPSS
Exploits1References2
CVE
CVE
added 2025/12/08 12:0 a.m.27 views

CVE-2025-61318

CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...

9.1CVSS7AI score0.00637EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:55 p.m.11 views

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

9.9CVSS6.6AI score0.12115EPSS
Exploits1References6Affected Software2
Rows per page
Query Builder