18 matches found
Requests Security Vulnerability
Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...
CVE-2026-25475 OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction
OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...
EUVD-2024-53866
Malicious code in bioql PyPI...
Path Confusion
Hono is vulnerable to path confusion leading to proxy-level ACL bypass. The vulnerability stems from reliance on fixed character offsets when parsing request URLs, which mishandles malformed absolute-form Request-URIs; attackers can craft such malformed absolute-form Request-URIs to cau...
OPENSUSE-SU-2025:0090-1 Security update for ark
This update for ark fixes the following issues: - CVE-2024-57966: Disable extraction to absolute path from an archive (boo#1236737)...
OESA-2025-1132 ark security update
Ark is a program for managing various archive formats. Archives can be viewed, extracted, created and modified from within Ark. The program can handle various formats such as tar, gzip, bzip2, zip, rar and lha if appropriate command-line programs are installed. Security Fixes: libarchiveplugin.cp...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
[SECURITY] [DLA 3015-1] ark security update
Debian LTS Advisory DLA-3015-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 20, 2022 https://wiki.debian.org/LTS Package : ark Version : 4:16.08.3-2+deb9u1 CVE ID : CVE-2020-16116 CVE-2020-24654 Debian Bug : 969437 Fabian Vogt and Dominik Penner discovered...
[SECURITY] [DLA-2530-1] drupal7 security update
Debian LTS Advisory DLA-2530-1 [email protected] https://www.debian.org/lts/security/ Gunnar Wolf January 21, 2021 https://wiki.debian.org/LTS -...
DEBIAN-CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol...
CVE-2008-2146
wp-includes/vars.php in WordPress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages...
CVE-2008-2146
CVE-2008-2146 affects WordPress prior to 2.2.3, where wp-includes/vars.php fails to correctly extract the current path from PATH_INFO ($PHP_SELF). This allows remote attackers to bypass page access restrictions. The root cause is a path-determination flaw in WordPress’ request handling. A fix is ...
WordPress <= 2.2.2 - BYPASS
Attackers can bypass intended access restrictions for certain pages because wp-includes/vars.php does not properly extract the current path from PATH_INFO. Solution: Update WordPress...