Lucene search
K

636 matches found

Github Security Blog
Github Security Blog
added 2026/04/20 6:31 p.m.9 views

Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:48 p.m.4 views

CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.4 views

CVE-2026-39906

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

10CVSS5.8AI score0.00687EPSS
Exploits1References1
NVD
NVD
added 2026/04/14 10:16 p.m.4 views

CVE-2026-39906

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

10CVSS0.00687EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/14 9:21 p.m.4 views

CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS5.8AI score0.00618EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:21 p.m.3 views

CVE-2026-39907

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS5.8AI score0.00618EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:21 p.m.4 views

CVE-2026-39906

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

7CVSS5.8AI score0.00687EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/14 9:21 p.m.10 views

CVE-2026-39906

CVE-2026-39906 affects Unisys WebPerfect Image Suite v3.0.3960.22810 and v3.0.3960.22604. The root cause is exposure of a deprecated .NET Remoting TCP channel, enabling remote unauthenticated attackers to leak NTLMv2 machine-account hashes by passing a Windows UNC path as a target file argument v...

10CVSS5.8AI score0.00687EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/10 7:21 p.m.6 views

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious...

8.7CVSS5.9AI score0.00306EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/09 9:3 p.m.10 views

CVE-2026-40107

Summary: SiYuan before 3.6.4 configures Mermaid.js with securityLevel: loose and htmlLabels: true, allowing tags to survive DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a user opens a note containing a malicious Mermaid diagram, the El...

8.7CVSS5.9AI score0.00306EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.3 views

CVE-2026-0522

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

8.8CVSS6.5AI score0.00608EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/01 8:10 p.m.4 views

CVE-2026-34515 AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7CVSS5.8AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 6:36 p.m.5 views

EUVD-2026-17915

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References6
NVD
NVD
added 2026/04/01 2:16 p.m.5 views

CVE-2026-0522

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

8.8CVSS0.00608EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 9:45 p.m.5 views

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.7CVSS5.9AI score0.00282EPSS
Exploits0References5
OSV
OSV
added 2026/03/26 7:7 p.m.3 views

GHSA-H3X4-HC5V-V2GM OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Summary Windows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/26 7:7 p.m.5 views

OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Summary Windows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

7.6CVSS5.8AI score0.0026EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.14 views

PT-2026-28176

Name of the Vulnerable Software and Affected Versions Streamlit versions prior to 1.54.0 Description Streamlit Open Source versions running on Windows hosts are affected by an unauthenticated Server-Side Request Forgery SSRF issue. This arises from insufficient validation of filesystem paths...

4.7CVSS5.9AI score0.00282EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/20 6:19 p.m.3 views

CVE-2026-32310

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder