PT-2026-48742

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An issue in browser control allows authenticated users to perform server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make request...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

PT-2026-1881

Name of the Vulnerable Software and Affected Versions @sylphxltd/filesystem-mcp version 0.5.8 Description @sylphxltd/filesystem-mcp version 0.5.8 contains a path traversal issue in the “read content” tool. The issue is due to improper symlink handling in the path validation mechanism. The...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVE-2025-67366

The CVE concerns @sylphxltd/filesystem-mcp v0.5.8, an MCP server, with a path traversal flaw in the read_content tool stemming from improper symlink handling. According to the description, resolvePath validates paths before resolving symlinks, while fs.readFile resolves symlinks during access, al...

EUVD-2023-52330

Malicious code in bioql PyPI...

Debian DSA-5355-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5355 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution...

SUSE CVE-2009-3375

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function...

PT-2022-36781 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception crash has been reported. The crash involves the com.ctc.wstx.dtd.FullDTDReader.readContentSpec function, java.base/java.lang.Module.canRead, and...

PT-2020-4313 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site-scripting XSS...

CVE-2020-1575

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

PT-2020-4151 · Microsoft · Dynamics 365

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a...

PT-2020-4037 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint...

CVE-2020-1501

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...

PT-2020-3818 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A spoofing issue exists due to insufficient input validation in Microsoft SharePoint Server. This could allow a remote attacker to perform spoofing attacks by sending a...

PT-2020-3556 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site-scripting XSS issue...

PT-2020-2849 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a special...

PT-2020-2945 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exist...