Lucene search
K

674 matches found

CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

goshs 安全漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs from 1.0.7 to 2.0.0-beta.4 contained security vulnerabilities. These vulnerabilities stemmed from the SFTP command rename, which only cleaned up the source path but did not clean up the target path,...

7.7CVSS7.3AI score0.00318EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32038

Name of the Vulnerable Software and Affected Versions: goshs versions 1.0.7 through 2.0.0-beta.4 Description: goshs is a SimpleHTTPServer written in Go. The SFTP command rename sanitizes only the source path and not the destination, allowing a write outside of the root directory of the SFTP. This...

7.7CVSS6.4AI score0.00318EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

liquidjs 路径遍历漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 had a path traversal vulnerability, which stemmed from the lack of enforcement of root directory restrictions, potentially allowing access to arbitrary...

7.5CVSS5.9AI score0.00447EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which arises when the target is replaced by a symbolic link during the Root.Chmod operation,...

6.4CVSS7.3AI score0.00292EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Vite 路径遍历漏洞

Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite from 6.0.0 to 6.4.2, before 7.3.2, and before 8.0.5 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path traversal restrictions on .map requests, which could allow bypassin...

6.3CVSS5.8AI score0.00914EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 6:16 p.m.8 views

CVE-2026-35050

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS0.00438EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 5:30 p.m.13 views

EUVD-2026-19408

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS5.9AI score0.00438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/26 12:0 a.m.2 views

OpenClaw path traversal vulnerability (CNVD-2026-16057)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to weaken bound source isolation by symbolically linking the parent directory to bypass the allowed root directory and prevent path...

7.5CVSS5.9AI score0.00254EPSS
Exploits0
CNVD
CNVD
added 2026/03/24 12:0 a.m.4 views

OpenClaw backlink vulnerability (CNVD-2026-14859)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability, which is caused by a flaw in the static file handler following a symbolic link. An attacker can exploit the vulnerability to read arbitrary files outside the root directory...

5.5CVSS6AI score0.00131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.17 views

PT-2026-27191

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the...

8.8CVSS5.8AI score0.00395EPSS
Exploits1References8
OSV
OSV
added 2026/03/20 2:24 p.m.14 views

OESA-2026-1667 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

9.4CVSS5.8AI score0.00644EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.28 views

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 1:34 a.m.10 views

EUVD-2026-12726

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 1:34 a.m.5 views

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

4.8CVSS6.2AI score0.0013EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to weaken bound source isolation by symbolically linking the parent directory to bypass the allowed root directory and prevent path...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References3
CNVD
CNVD
added 2026/03/17 12:0 a.m.5 views

OpenClaw Directory Traversal Vulnerability (CNVD-2026-14394)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that stems from the sandbox skill image failing to properly filter special elements in the path of a resource or file, which can be exploited by an attacker to cause a file t...

7.9CVSS5.8AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.11 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS0.00363EPSS
Exploits0References7
OSV
OSV
added 2026/03/13 7:54 p.m.2 views

DEBIAN-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS7.3AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 7:54 p.m.7 views

UBUNTU-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.8AI score0.00363EPSS
Exploits0References7
Rows per page
Query Builder