Lucene search
K

6 matches found

Debian CVE
Debian CVE
added 2026/06/30 10:8 p.m.7 views

CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 3:7 p.m.7 views

Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...

4.7CVSS5.7AI score0.00109EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.10 views

OpenClaw: Sandbox `writeFile` commit could race outside the validated path

Summary In affected versions of openclaw, the sandbox fs-bridge writeFile commit step used an unanchored container path during the final move into place. An attacker racing parent-path changes inside the sandbox could redirect the committed file outside the validated sandbox path. Impact This is ...

6.3CVSS5.9AI score0.00078EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 10:8 p.m.11 views

GHSA-XMV6-R34M-62P4 OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...

7.8CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2021/02/12 8:15 a.m.4 views

CVE-2021-27205

Telegram before 7.4 212543 Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure...

5.5CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2021/02/12 7:48 a.m.33 views

CVE-2021-27205

Telegram before 7.4 212543 Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure...

5.3AI score0.00293EPSS
Exploits1References2
Rows per page
Query Builder