Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 11:17 a.m.1 views

CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

9.8CVSS6.4AI score0.01973EPSS
Exploits0References3
NVD
NVD
added 2025/10/28 9:15 p.m.4 views

CVE-2025-62796

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

5.8CVSS0.00277EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 8:47 p.m.2 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

5.8CVSS6.9AI score0.00277EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.30 views

EUVD-2023-1681

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.03191EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/06/23 8:37 p.m.12 views

CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

9CVSS7.6AI score0.03191EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/06/23 8:37 p.m.62 views

CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

9CVSS10AI score0.03191EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/21 12:0 a.m.6 views

PT-2023-25180 · Webklex +1 · Webklex/Laravel-Imap +2

Name of the Vulnerable Software and Affected Versions: PHP-IMAP versions prior to 5.3.0 Description: An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that...

9.8CVSS9.7AI score0.03191EPSS
Exploits1References15
Rows per page
Query Builder