OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability caused by a path validation bypass flaw in the exec approval distribution list pattern on macOS. An attacker can exploit the vulnerability to execute arbitrary commands on th...

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Path Validation Improperity vulnerability, which is caused by an incorrect path validation flaw in sandboxed media handling. An attacker can exploit the vulnerability to traverse a directory on a...

EUVD-2026-12864

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

aaPanel 安全漏洞

aaPanel is a simple yet powerful web-based control panel developed under the open-source license. Version 7.57.0 of aaPanel contains a security vulnerability caused by insufficient path validation, which may lead to local file inclusion attacks and result in the exposure of sensitive information...

PT-2026-26105

CVE-2026-29858 A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure. https://t.co/WowAOqIOTR...

CVE-2026-29858

The CVE-2026-29858 entry concerns aaPanel v7.57.0 with a lack of path validation, enabling local file inclusion (LFI) and exposure of sensitive information. The description specifies the vulnerable component as aaPanel and the impact as information disclosure via LFI, but it does not provide deta...

PT-2026-26162

Name of the Vulnerable Software and Affected Versions MLflow affected versions not specified Description A flaw exists in the pyfunc extraction process within MLflow that can allow for arbitrary file writes. This occurs because of inadequate handling of entries within tar archives, specifically...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

EUVD-2025-208755

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files...

CVE-2025-66687

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files...

CVE-2025-66687

Doom Launcher 3.8.1.0 is vulnerable to a Directory Traversal flaw caused by missing file path validation during extraction of game files. The issue is described across multiple sources (RH, NVD, EUVD, CVE listings) with a CVSSv3.1 base score of 7.5 (High) and an attack vector of Network, requirin...

PT-2026-25825

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue where the POST request to the /api/import/importStdMd endpoint directly passes the localPath parameter to the model.ImportFromLocalPath...

Arbitrary File Write

Magic Wormhole is vulnerable to Arbitrary File Write. The vulnerability is due to improper validation of file paths during file reception, allowing a malicious sender to overwrite critical local files e.g., /.ssh/authorizedkeys, .bashrc and potentially compromise the system...

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the workspace path validation. An attacker can gain unauthorized access to files and potentially modify or create files outside the intended workspace boundary by...

Tornado has incomplete validation of cookie attributes

Values passed to the domain, path, and samesite arguments of RequestHandler.setcookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes...