
28 matches found

CNNVD
added 2026/04/21 12:0 a.m., 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contain security vulnerabilities. These vulnerabilities stem from race conditions in the readFile function of the remote file system bridge, which could allow bypassing...

8.8 CVSS, 5.9 AI score, 0.00036 EPSS
Exploits 0, References 1
CVE
added 2026/04/20 11:8 p.m., 7 views

CVE-2026-41296

CVE-2026-41296 affects OpenClaw prior to 2026.3.31. A time-of-check-time-of-use race in the remote filesystem bridge readFile function allows sandbox escape by exploiting separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. The vulnerability i...

8.8 CVSS, 5.9 AI score, 0.00036 EPSS
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-18884

Malware in sbrugna...

9.9 CVSS, 7.6 AI score, 0.00233 EPSS
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-23687

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.00196 EPSS
Exploits 0, References 1
Microsoft CVE
added 2025/05/05 7:0 a.m., 2 views

ice: fix memory leak in aRFS after reset

...

5.5 CVSS, 7.2 AI score, 0.0003 EPSS
Exploits 0
Packet Storm
added 2024/09/01 12:0 a.m., 173 views

SAP SOAP RFC PFL_CHECK_OS_FILE_EXISTENCE File Existence Check

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

7.4 AI score
Exploits 0
Packet Storm
added 2024/08/31 12:0 a.m., 167 views

SAP SOAP EPS_DELETE_FILE File Deletion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

7.4 AI score
Exploits 0
Packet Storm
added 2024/08/31 12:0 a.m., 147 views

Ulterius Server File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ulterius Server File Download Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in Ulterius Server 'Ric...

7.5 CVSS, 7 AI score, 0.86498 EPSS
Exploits 6
CVE
added 2024/07/24 7:45 a.m., 89 views

CVE-2023-48362

CVE-2023-48362 describes an XXE vulnerability in the XML Format Plugin of Apache Drill. The issue affects Drill 1.19.0 and later, enabling an attacker to read arbitrary files on a remote file system or execute commands through a crafted XML file. The documented remediation is to upgrade to Apache...

9.8 CVSS, 6.9 AI score, 0.0042 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/08/02 10:30 p.m., 12 views

CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

9.8 CVSS, 10 AI score, 0.00196 EPSS
Exploits 0, References 1
NVD
added 2022/12/05 9:15 p.m., 17 views

CVE-2022-44039

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite remote. An attacker can overwrite system files like system.conf and passwd; this occurs because of the insecure usage of the "fopen" system function with the mode "wb" which allow...

9.8 CVSS, 0.00877 EPSS
Exploits 1, References 1
RedHat Linux
added 2022/11/15 11:55 a.m., 0 views

kernel: cifs: fix handlecache and multiuser

In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser. In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we must make sure to release the pinne...

5.5 CVSS, 6.3 AI score, 0.00019 EPSS
Exploits 0, References 5
Huntr
added 2022/10/25 6:20 p.m., 30 views

Path Traversal - Download remote files by exploiting the backup functionality (Authenticated)

Description The vulnerability found in the backup system allows an Administrator of the CMS to download any files on the remote file system not only backup files by exploiting a "Path Traversal". The vulnerability does not require any user interaction and is very simple to exploit. Proof of Conce...

7 AI score
Exploits 0
CNNVD
added 2022/05/04 12:0 a.m., 2 views

Talend Administration Center Code Issue Vulnerability

Talend Administration Center is a web-based application from Talend that centralizes studio management. A security vulnerability exists in Talend Administration Center. An attacker can exploit the vulnerability, using XML External Entities (XXE), to achieve root read access on a remote file system...

6.8 CVSS, 6.6 AI score, 0.00341 EPSS
Exploits 0, References 3
CNVD
added 2022/04/12 12:0 a.m., 9 views

Dell PowerScale OneFS Elevation of Privilege Vulnerability

Dell PowerScale OneFS is the PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS that originates from a remote file system user with a local account that could be exploited by an attacker to cause escalation of file...

8.8 CVSS, 6.8 AI score, 0.00319 EPSS
Exploits 0, References 1
OSV
added 2021/08/03 5:15 p.m., 2 views

CVE-2021-32017

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files...

7.7 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 2
Prion
added 2021/08/03 5:15 p.m., 15 views

Design/Logic Flaw

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files...

4 CVSS, 7.5 AI score, 0.00233 EPSS
Exploits 0, References 1, Affected Software 1
Veracode
added 2020/08/17 6:15 a.m., 19 views

Information Disclosure

Apache solr-core is vulnerable to Information Disclosure. Lack of validation of CoreAdminAPI's parameters can lead to search index data exposure and to index data being replaced entirely by loading it from a remote file system...

8.8 CVSS, 8.5 AI score, 0.01961 EPSS
Exploits 0, References 14, Affected Software 1
WPVulnDB
added 2016/08/24 12:0 a.m., 10 views

CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload

CYSTEME does not properly check SESSION Cookies allowing a remote attacker to upload, view, or delete files from any location on the remote file system. PoC - Retrieve all data in the root wordpress directory. This will return JSON. Exploit:...

7.5 CVSS, 9.4 AI score, 0.00841 EPSS
Exploits 2, References 1, Affected Software 1
OpenVAS
added 2016/06/27 12:0 a.m., 22 views

Idera Up.time Agent Information Disclosure Vulnerability

Idera Up.time Agent is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS, 7.3 AI score, 0.00911 EPSS
Exploits 0, References 1