Medium
CVSS: 6.9
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targ…
High
CVSS: 7.5
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Low
CVSS: 3.3
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
High
CVSS: 7.8
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
Medium
CVSS: 4.3
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
High
CVSS: 7.3
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to ac…
Medium
CVSS: 5.3
corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being ap…
Medium
CVSS: 6.8
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.
The attacker must have network access to the management interface (web, SSH, console, or telnet) and succes…
Medium
CVSS: 4.3
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
High
CVSS: 8.6
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
Medium
CVSS: 4.3
MapUrlToZone Security Feature Bypass Vulnerability
Medium
CVSS: 4.3
MapUrlToZone Security Feature Bypass Vulnerability
Medium
CVSS: 4.3
MapUrlToZone Security Feature Bypass Vulnerability
Medium
CVSS: 4.3
Windows HTML Platforms Security Feature Bypass Vulnerability
Medium
CVSS: 4.3
MapUrlToZone Security Feature Bypass Vulnerability
Medium
CVSS: 4.3
MapUrlToZone Security Feature Bypass Vulnerability
Medium
CVSS: 4.3
MapUrlToZone Security Feature Bypass Vulnerability