13 matches found
CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image
OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...
CVE-2026-43532
OpenClaw 2026.4.7
EUVD-2026-27275
OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. OpenClaw versions from 2026.4.7 to 2026.4.10 contain a security vulnerability. The vulnerability stems from the lack of normalization of Discord event cover image parameters during sandbox media...
CVE-2025-12849
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cg_check_wp_admin_upload_v10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...
CVE-2025-12849
The CVE-2025-12849 vulnerability affects the WordPress Contest Gallery plugin and is confirmed in connected sources as an authorization bypass in versions up to 28.0.2, exploitable via the cg_check_wp_admin_upload_v10 AJAX action that can be triggered by unauthenticated users to inject media and ...
CVE-2025-12849 Contest Gallery <= 28.0.2 - Missing Authorization
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cg_check_wp_admin_upload_v10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...
WordPress plugin Contest Gallery Security Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
PT-2025-47044
Name of the Vulnerable Software and Affected Versions: Contest Gallery plugin for WordPress versions up to and including 28.0.2. Description: The Contest Gallery plugin for WordPress is susceptible to authorization bypass. The plugin registers the cg_check_wp_admin_upload_v10 AJAX action for both...
Linux Distros Unpatched Vulnerability : CVE-2020-4047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages ...
rtpengine Access Control Error Vulnerability
rtpengine is a media proxy software from Sipwise Open Source. An access control error vulnerability exists in rtpengine versions prior to 13.4.1.1, which stems from a source validation error in the endpoint learning logic that could lead to the injection or interception of RTP/SRTP media streams...
CVE-2025-4648
Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of an SVG media file during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from...