10 matches found
OpenClaw hook transform path containment missed symlink-resolved escapes
Vulnerability: Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported. Affected Packages / Versions: Package: openclaw (npm); Affected versions: = 2026.2.21-2 ...
EUVD-2022-2716
Malicious code in bioql PyPI...
SUSE CVE-2018-13982
Smarty_Security::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
Updated php-smarty packages fix security vulnerability
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982)...
Smarty path traversal vulnerability
New Digital Group Smarty is a template engine written in PHP by New Digital Group. A path traversal vulnerability exists in the 'Smarty_Security::isTrustedResourceDir' function in New Digital Group Smarty versions prior to 3.1.33, which stems from the program's failure to adequately filter templat...
CVE-2018-13982
Smarty_Security::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...
UBUNTU-CVE-2018-16831
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement...
CVE-2018-16831
CVE-2018-16831 concerns the Smarty PHP templating engine. The vulnerability arises in Smarty before 3.1.33-dev-4, where an attacker can bypass the trusted_dir protection mechanism by injecting a file:./../ substring into an include statement, enabling potential unintended access to files. The iss...
Trusted-Directory Bypass via Path Traversal
If you enable security, $trusted_dir is an array of all directories that are considered trusted. Trusted directories are where you keep PHP scripts that are executed directly from the templates. The attackers can use ../ to bypass the dir; if they can edit the templates, they read any file they...
DEBIAN-CVE-2010-3856
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...