Lucene search

6 matches found

Positive Technologies
added 2026/06/22 12:0 a.m., 16 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

CVSS 9.6, AI score 5.8, EPSS 0.00468
Exploits: 1, References: 8
RedhatCVE
added 2026/06/06 12:43 a.m., 8 views

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

CVSS 7.1, AI score 5.4, EPSS 0.00323
Exploits: 0, References: 1
Cvelist
added 2026/04/10 4:3 p.m., 27 views

CVE-2026-35658 OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool

OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject...

CVSS 6.5, EPSS 0.00286
Exploits: 0, References: 6
CNVD
added 2026/03/24 12:0 a.m., 0 views

OpenClaw backlink vulnerability (CNVD-2026-14861)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read and write files outside the agent's workspace, which in turn can be used to execute code via a file overwrite attack...

CVSS 8.8, AI score 6, EPSS 0.00639
Exploits: 0, References: 1
NVD
added 2026/03/20 11:16 p.m., 5 views

CVE-2026-33194

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocke...

CVSS 6.8, EPSS 0.00489
Exploits: 1, References: 1
NVD
added 2026/03/19 10:16 p.m., 4 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVSS 8.8, EPSS 0.00639
Exploits: 0, References: 3