Lucene search
K

5 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-53632

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 3:54 p.m.33 views

CVE-2026-53632 NTLMv2 hash disclosure via UNC path handling on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 5:48 p.m.24 views

CVE-2026-41389

OpenClaw 2026.4.7

6.3CVSS5.9AI score0.00264EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/17 10:33 p.m.9 views

OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Summary Webchat tool-result media normalization could pass local and UNC-style file paths into the host-side media embedding path without applying the configured local-root containment policy. Impact A crafted tool-result media reference could cause the host to attempt local file reads or Windows...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/04/15 12:31 a.m.4 views

EUVD-2026-22724

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

7CVSS5.8AI score0.00687EPSS
Exploits1References3
Rows per page
Query Builder