PT-2026-49030

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...

PT-2026-49024

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An exec denylist bypass exists in the bundle MCP loopback session-spawn path. This allows authenticated callers to bypass intended command restrictions and start sessions with broader command...

VulnCheck KEV: CVE-2020-6286

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2400)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is...

EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2026-2392)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2026-2415)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Ironic vulnerabilities (USN-8421-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8421-1 advisory. Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. ...

Linux Distros Unpatched Vulnerability : CVE-2026-49982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the...

Linux Distros Unpatched Vulnerability : CVE-2026-11816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functio...

EulerOS Virtualization 2.13.0 : vim (EulerOS-SA-2026-2421)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-2386)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable...

Linux Distros Unpatched Vulnerability : CVE-2026-44705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the...

📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal

This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form entries are not properly validated. An attacker can inject a crafted entry containing path traversal sequences ../ to reference files outside the intend...

📄 AnyDesk 9.7.5 Unquoted Service Path

AnyDesk version 9.7.5 suffers from an unquoted service path vulnerability. Exploit Title: AnyDesk v9.7.5 - Unquoted Service Path Date: 2026-06-06 Exploit Author: Milad Karimi Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com...

CVE-2026-53813

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing...

Exploit for Write-what-where Condition in Linux Linux_Kernel

DirtyFrag CVE-2026-43284 PoC Validation and auditd Detection...

EUVD-2026-34901

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance...

GHSA-WXQ4-CC2Q-338Q WsgiDAV encoded dot segments can escape filesystem share roots

Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...

CVE-2026-53818 OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback

OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools...