8 matches found
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
GHSA-66R7-M7XM-V49H OpenClaw: QQBot media tags could read arbitrary local files through reply text
Summary QQBot media tags could read arbitrary local files through reply text. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact QQBot outbound media tags in AI reply text could reference host-local paths outside the intended media storage...
OpenClaw: QQBot media tags could read arbitrary local files through reply text
Summary QQBot media tags could read arbitrary local files through reply text. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact QQBot outbound media tags in AI reply text could reference host-local paths outside the intended media storage...
GHSA-393C-P46R-7C95 Directus: Path Traversal and Broken Access Control in File Management API
Summary A broken access control vulnerability was identified in the Directus file management API that allows authenticated users to overwrite files belonging to other users by manipulating the filename_disk parameter. Details The PATCH /files/id endpoint accepts a user-controlled filename_disk...
Directus: Path Traversal and Broken Access Control in File Management API
Summary A broken access control vulnerability was identified in the Directus file management API that allows authenticated users to overwrite files belonging to other users by manipulating the filename_disk parameter. Details The PATCH /files/id endpoint accepts a user-controlled filename_disk...
Langflow Access Control Error Vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow versions 1.2.0 to 1.8.1 contain an access control vulnerability. This vulnerability stems from the lack of boundary checks at the underlying storage layer,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the verifyRelPath function, which uses strings.HasPrefix to verify that requested paths fall within the configured storage directory. An attacker can access files outside their designated storage boundaries by...