Lucene search
+L

251 matches found

OSV
OSV
added 2026/05/13 3:13 p.m.48 views

BIT-MINIO-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

MinIO is a high-performance object storage system. From 2022.07.24 to before 2026.04.14, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the...

6.9CVSS5.8AI score0.08457EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 10:22 p.m.17 views

CVE-2026-42600

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9CVSS0.08457EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 8:53 p.m.36 views

CVE-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9CVSS0.08457EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 8:53 p.m.10 views

CVE-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9CVSS5.8AI score0.08457EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 8:38 p.m.14 views

CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/04 7:8 p.m.14 views

Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/05/04 7:8 p.m.6 views

GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References7
OSV
OSV
added 2026/05/03 9:56 a.m.14 views

OESA-2026-2145 ca-certificates security update

This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. Security Fixes: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting ...

7.5CVSS6.8AI score0.01049EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 9:34 p.m.6 views

GHSA-GFG9-5357-HV4C OpenClaw: Webchat audio embedding could read local files without local-root containment

Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...

6CVSS5.8AI score0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 12:31 a.m.10 views

GHSA-QP56-GP47-JWJ3 Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qf48-qfv4-jjm9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension...

6CVSS5.8AI score0.00339EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 12:16 a.m.5 views

CVE-2026-41363

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

6.5CVSS0.00339EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a access control vulnerability. This vulnerability stemmed from a bypass of the allowlist in the Matrix thread root and in the handling of reply contexts, resulting...

6.5CVSS5.8AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/27 11:24 p.m.33 views

CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...

6CVSS0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 11:24 p.m.3 views

CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...

6CVSS6AI score0.00181EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 11:24 p.m.4 views

CVE-2026-41363 OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

6CVSS5.4AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 11:24 p.m.7 views

EUVD-2026-25943

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

6CVSS5.4AI score0.00339EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:24 p.m.3 views

CVE-2026-41363

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

6CVSS5.5AI score0.00339EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/27 11:24 p.m.31 views

CVE-2026-41363 OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter

OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during uploadimage operations to read arbitrary files outside...

6CVSS0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.9 views

PT-2026-37272

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z Description A path traversal issue in the ReadMultiple internode storage-REST endpoint allows an attacker with the cluster root JWT to read files outside the...

6.9CVSS6AI score0.08457EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013228 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we a...

5.8AI score0.00172EPSS
Exploits0References4
Rows per page
Query Builder