109 matches found
PT-2026-29499
Summary @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - path.resolvepath.joinbaseDir, filepath - startsWithresolvedBase + path.sep That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...
CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...
Small Http Server 路径遍历漏洞
Small Http Server is a small HTTP server developed by Max Feoktistov. Version 3.06.36 of Small Http Server contains a path traversal vulnerability. This vulnerability stems from an authenticated path traversal exploit, which could allow remote users to bypass SecurityManager’s restrictions and...
SUSE-SU-2026:0977-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
CVE-2026-32054
OpenClaw versions prior to 2026.2.25 are affected by a symlink traversal vulnerability in browser trace and download output path handling, allowing a local attacker to escape the managed temp root and overwrite files outside the intended directory. The issue stems from how symlinks are resolved w...
CVE-2026-32054 OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
PT-2026-26736
OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...
CVE-2026-22180
OpenClaw is affected in versions prior to 2026.3.2 by a path-confinement bypass in browser output handling that allows writing outside intended root directories. The issue arises from insufficient canonical path-boundary validation in file write operations, enabling writes to arbitrary locations ...
CVE-2026-22180
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...
SFTP root escape via component-agnostic prefix check in ssh_sftpd
...
CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
TinaCMS 路径遍历漏洞
TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.1.2 contained a path traversal vulnerability. This vulnerability stemmed from the use of path.join to combine paths without verifying that the resolved path remained within...
EUVD-2025-208408
By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...
Linux Distros Unpatched Vulnerability : CVE-2026-27139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root ...
DEBIAN-CVE-2026-27139
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...
UBUNTU-CVE-2026-27139
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...
CVE-2026-27139
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...
CVE-2026-27139 FileInfo can escape from a Root in os
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...
CVE-2026-27139
CVE-2026-27139 : On Unix, when listing a directory with the Go File.ReadDir/File.Readdir APIs, the returned FileInfo could reference a file outside the Root in which the File was opened. The impact is limited to reading metadata via lstat from arbitrary filesystem locations; it does not permit re...
GO-2026-4602 FileInfo can escape from a Root in os
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...