OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the readFile function of the remote file system bridge, which could allow bypassing...

CVE-2026-41296

CVE-2026-41296 affects OpenClaw prior to 2026.3.31. A time-of-check-time-of-use race in the remote filesystem bridge readFile function allows sandbox escape by exploiting separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. The vulnerability i...

EUVD-2021-18884

Malware in sbrugna...

EUVD-2023-23687

Malicious code in bioql PyPI...

CVE-2021-32017

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files...

ice: fix memory leak in aRFS after reset

...

SAP SOAP RFC PFL_CHECK_OS_FILE_EXISTENCE File Existence Check

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

Ulterius Server File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ulterius Server File Download Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in Ulterius Server 'Ric...

SAP SOAP EPS_DELETE_FILE File Deletion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

CVE-2023-48362

CVE-2023-48362 describes a XXE vulnerability in the XML Format Plugin of Apache Drill . The issue affects Drill 1.19.0 and later, enabling an attacker to read arbitrary files on a remote file system or execute commands through a crafted XML file. The documented remediation is to upgrade to Apache...

Mlflow Code Issue Vulnerability

Mlflow is an open source platform for machine learning lifecycle. A code issue vulnerability exists in Mlflow. An attacker could exploit this vulnerability to write arbitrary files to an arbitrary location on a remote file system in a server process environment...

CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

CVE-2023-1437

Advantech WebAccess/SCADA (all versions prior to 9.1.4) is affected by CVE-2023-1437 due to untrusted pointer handling in RPC arguments, enabling a remote attacker to access the remote file system and potentially execute commands or overwrite files. The root cause is untrusted pointers dereferenc...

CVE-2023-1437 CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

CVE-2022-44039

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite remote. ¶¶ An attacker can overwrite system files like system.conf and passwd, this occurs because the insecure usage of "fopen" system function with the mode "wb" which allow...

kernel: cifs: fix handlecache and multiuser

In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we much make sure to release the pinne...

Path Traversal - Download remote files by exploiting the backup functionality (Authenticated)

Description The vulnerability found in the backup system allows an Administrator of the CMS to download any files on the remote file system not only backup files by exploiting a "Path Traversal". The vulnerability does not require any user interaction and is very simple to exploit. Proof of Conce...

Talend Administration Center 代码问题漏洞

Talend Administration Center is a web-based application from Talend that centralizes studio management. A security vulnerability exists in Talend Administration Center. An attacker exploits the vulnerability to use XML External Entities XXE to achieve root read access on a remote file system...

Dell PowerScale OneFS Elevation of Privilege Vulnerability

Dell PowerScale OneFS is the PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS that originates from a remote file system user with a local account that could be exploited by an attacker to cause escalation of file...

Dell Technologies Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is the PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS that originates from a remote file system user with a local account that could be exploited by an attacker to cause escalation of file...