8 matches found

GitHub Security Blog
added 2026/03/31 3:31 p.m. | 7 views

Duplicate Advisory: OpenClaw's message tool media parameter bypasses tool policy filesystem isolation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-v8wv-jg3q-qwpq. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read...

CVSS 8.6 | AI score 5.9 | EPSS 0.00555
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/05/15 8:52 p.m. | 9 views

GHSA-R67R-42WX-C8R7 Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the 'administer paths' permission to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL...

AI score 7
Exploits: 0 | References: 3

OSV
added 2024/05/15 8:24 p.m. | 12 views

GHSA-7F4F-P7MQ-P4FV Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the 'administer paths' permission to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL...

AI score 7
Exploits: 0 | References: 3

GitHub Security Blog
added 2024/05/15 8:24 p.m. | 9 views

Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the 'administer paths' permission to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL...

AI score 7
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2017/12/14 12:0 a.m. | 18 views

openSUSE Security Update : fossil (openSUSE-2017-1365)

This update for fossil to version 2.4 fixes the following issues:

- CVE-2017-17459: Client-side code execution via crafted 'ssh://' URLs (bsc1071709)

The impact of this vulnerability is more limited than similar vectors fixed in other SCMs, as there is no known way to mask the repository URL or...

CVSS 9.3 | AI score 8.1 | EPSS 0.02805
Exploits: 0 | References: 2

NVD
added 2010/08/16 8:0 p.m. | 18 views

CVE-2010-3022

Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with "add url aliases" and "report access" permissions, to inject arbitrary web script or HTML via crafted node paths i...

CVSS 2.6 | AI score 5.4 | EPSS 0.01256
Exploits: 0 | References: 7

Friends Of PHP
added 1970/01/01 12:0 a.m. | 11 views

External URL injection through URL aliases - Moderately Critical - Open Redirect

More info at https://www.drupal.org/sa-core-2018-006...

AI score 7.2
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 1970/01/01 12:0 a.m. | 11 views

External URL injection through URL aliases - Moderately Critical - Open Redirect

More info at https://www.drupal.org/sa-core-2018-006...

AI score 7.2
Exploits: 0 | Affected Software: 1