CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling
NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...
CVE-2026-4401 Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...
WordPress Download Monitor plugin <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability
Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability discovered by Kirasec in WordPress Plugin Download Monitor versions <= 5.1.10...
CVE-2026-24739
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters, notably =, as “special” when escaping arguments on Windows. When PHP i...
PT-2026-2294
Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...
CVE-2024-44159
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences...
CVE-2024-44294
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with root privileges may be able to delete protected system files...
CVE-2024-44156
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences...
CVE-2024-44294
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files...
CVE-2024-44156
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences...
CVE-2024-44159
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences...
CVE-2024-44294
CVE-2024-44294 describes a path deletion vulnerability in macOS that could allow an attacker with root privileges to delete protected system files. The issue is mitigated by code changes that prevent vulnerable operations from running with elevated privileges. Apple fixed this in macOS Ventura 13...
CVE-2024-44159
CVE-2024-44159 is a path-deletion vulnerability in macOS that could allow a local attacker to bypass Privacy preferences. The issue is mitigated by preventing vulnerable code from running with privileges and is fixed in macOS Ventura 13.7.1 and macOS Sonoma 14.7.1. Affected component/behavio...
CVE-2024-44156
CVE-2024-44156 in macOS relates to a path deletion vulnerability that could allow an app to bypass Privacy preferences by executing vulnerable code with privileges. The issue is fixed in macOS Ventura 13.7.1 and macOS Sonoma 14.7.1. Affected component details are not explicitly provided beyond ...