Lucene search
K

174 matches found

Saint
Saint
added 2026/03/25 12:0 a.m.75 views

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/03/19 12:0 a.m.26 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

0.00259EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 12:0 a.m.5 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

5.8AI score0.00259EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 12:0 a.m.2 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

5.9AI score0.00259EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 12:0 a.m.10 views

CVE-2026-30711

CVE-2026-30711 affects Devome GRR v4.5.0 and describes multiple authenticated SQL injection vulnerabilities in include/session.inc.php exploitable via the referer and user-agent. The NVD entry assigns CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with base score 8.8 (HIGH), indicating high impac...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.5 views

CVE-2026-28482

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.31 views

CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS0.00136EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS7.1AI score0.00136EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/05 9:59 p.m.4 views

EUVD-2026-9928

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS6AI score0.00136EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 9:59 p.m.17 views

CVE-2026-28482

CVE-2026-28482 – OpenClaw : OpenClaw versions prior to 2026.2.12 are vulnerable to path traversal in transcript file paths constructed from unsanitized sessionId parameters and sessionFile paths, allowing an authenticated attacker to read or write files outside the agent sessions directory (e.g.,...

8.4CVSS6AI score0.00136EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.27 views

CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

7.1CVSS0.00363EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/05 9:59 p.m.4 views

EUVD-2026-9907

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

7.1CVSS6AI score0.00363EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28459

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

7.1CVSS6AI score0.00363EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/22 6:28 p.m.201 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Unauthenticated RCE ██╗...

10CVSS8.8AI score0.95343EPSS
Exploits25
Veracode
Veracode
added 2026/02/20 9:33 a.m.6 views

Unsafe Deserialization

Scapy is vulnerable to unsafe deserialization. The vulnerability is due to insecure handling of serialized session files, which allows an attacker to execute arbitrary code by tricking a user into loading a malicious session file via the -s option...

6.3AI score
Exploits0
OSV
OSV
added 2026/02/18 12:57 a.m.11 views

GHSA-5XFQ-5MR7-426Q OpenClaw's unsanitized session ID enables path traversal in transcript file operations

Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...

8.4CVSS5.5AI score0.00136EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.22 views

OpenClaw's unsanitized session ID enables path traversal in transcript file operations

Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...

8.4CVSS5.5AI score0.00136EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:43 p.m.12 views

OpenClaw has an arbitrary transcript path file write via gateway sessionFile

Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...

8.1CVSS6.7AI score0.00363EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞

Sangfor Operation and Maintenance Management System is an operation and maintenance management system from Sangfor. An operating system command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation...

9.8CVSS7.7AI score0.05577EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.6 views

PT-2026-1779

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...

7.5CVSS7.7AI score0.05577EPSS
Exploits1References10
Rows per page
Query Builder