Tag

Directory-Traversal

4 briefs RSS

OpenClaw Arbitrary Directory Deletion Vulnerability

OpenClaw before 2026.4.2 is vulnerable to arbitrary directory deletion in mirror mode, enabling attackers to delete remote directories by manipulating remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values.

OpenClaw cve-2026-41383 directory-traversal file-deletion

2r 1t 1c 5d ago

critical advisory

compressing npm Package Symlink Bypass Vulnerability

3 rules 5 TTPs 1 CVE 1 IOC

A vulnerability in the `compressing` npm package (<=v2.1.0) allows for arbitrary file overwrite via symlink path traversal, bypassing a previous patch for CVE-2026-24884.

npm supply-chain symlink directory-traversal privilege-escalation arbitrary-file-overwrite

3r 5t 1c 1i 2w ago

medium advisory

LORIS Directory Traversal Vulnerability

2 rules 2 TTPs 1 CVE

LORIS, a neuroimaging research data management web application, is vulnerable to directory traversal (CVE-2026-35446) due to an incorrect order of operations in the FilesDownloadHandler, allowing authenticated attackers to access unauthorized files.

directory-traversal web-application neuroimaging

2r 2t 1c 3w ago

critical advisory

SiYuan Note Taking Application Directory Traversal Vulnerability

2 rules 1 TTP

SiYuan note taking application is vulnerable to a directory traversal via the /api/file/readDir endpoint, which does not require authentication, allowing an attacker to enumerate the directory structure and retrieve file names, potentially leading to arbitrary document reading.

directory-traversal siyuan cve-2026-33670

2r 1t Mar 26, 2026