251 matches found
BIT-MINIO-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
MinIO is a high-performance object storage system. From 2022.07.24 to before 2026.04.14, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the...
CVE-2026-42600
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...
CVE-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...
CVE-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...
CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...
GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...
OESA-2026-2145 ca-certificates security update
This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. Security Fixes: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting ...
GHSA-GFG9-5357-HV4C OpenClaw: Webchat audio embedding could read local files without local-root containment
Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...
GHSA-QP56-GP47-JWJ3 Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qf48-qfv4-jjm9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension...
CVE-2026-41363
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
OpenClaw 访问控制错误漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a access control vulnerability. This vulnerability stemmed from a bypass of the allowlist in the Matrix thread root and in the handling of reply contexts, resulting...
CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-41363 OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
EUVD-2026-25943
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
CVE-2026-41363
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
CVE-2026-41363 OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...
PT-2026-37272
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z Description A path traversal issue in the ReadMultiple internode storage-REST endpoint allows an attacker with the cluster root JWT to read files outside the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013228)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013228 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we a...