CVE-2026-43567 OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVE-2025-68705 RustFS Path Traversal Vulnerability

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...

CVE-2024-52787

An issue in the uploaddocuments method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file...

undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser

It was found that the AJP connector in undertow does not use the ALLOWENCODEDSLASH option and thus allows the slash and anti-slash characters encoded in a URL. This may lead to path traversal and result in the information disclosure of arbitrary local files...