5 matches found
CVE-2026-53632
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...
CVE-2026-53632 NTLMv2 hash disclosure via UNC path handling on Windows
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...
CVE-2026-41389
OpenClaw 2026.4.7
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files
Summary Webchat tool-result media normalization could pass local and UNC-style file paths into the host-side media embedding path without applying the configured local-root containment policy. Impact A crafted tool-result media reference could cause the host to attempt local file reads or Windows...
EUVD-2026-22724
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...