15 matches found
CVE-2026-43533
OpenClaw prior to 2026.4.10 is affected by an arbitrary local file read via QQBot media tags. The root cause is improperly handling media tags that reference host-local paths outside the media storage boundary, allowing disclosure of arbitrary local files through outbound media handling. Impact i...
WordPress Quiz and Survey Master (QSM) plugin <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability
Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Quiz And Survey Master versions = 10.1.0...
CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that a post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...
Heap overflow
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...
Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure
The plugin does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, like draft, private or even password protected ones. Run one of the below commands in the developer...
CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the titles of arbitrary private and draft posts...
CVE-2021-21042
Acrobat Reader DC versions 2020.013.20074 and earlier, 2020.001.30018 and earlier and 2017.011.30188 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass...
Design/Logic Flaw
Acrobat Reader DC versions 2020.013.20074 and earlier, 2020.001.30018 and earlier and 2017.011.30188 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass...
SQL injection vulnerability in i-Web Suite
Vulnerability ID: HTB22543 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityiniwebsuite.html Product: i-Web Suite Vendor: immediaC world wide Inc http://www.immediac.com/ Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions Vendor Notification: 27 July 2010...
THOMSON TG585n 7.4.3.2 - user.ini Arbitrary Disclosure
THOMSON TG585n 7.4.3.2 - user.ini Arbitrary Disclosure THOMSON TG585n user.ini Arbitrary Download Vulnerability Author : AnTi SeCuRe Email : [email protected] TeaM : SauDi ViRuS TeaM Site : WwW.VxX9.Cc \\\\\\\\\\\\\\\\\\ System Information Product Name: TG585n Serial Number:...
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure
THOMSON TG585n user.ini Arbitrary Download Vulnerability Author : AnTi SeCuRe Email : [email protected] TeaM : SauDi ViRuS TeaM Site : WwW.VxX9.Cc \\\\\\\\\\\\\\\\\\ System Information Product Name: TG585n Serial Number: CP0810KTJSU Software Release: 7.4.3.2 Software...
NaviCOPA 3.0.1.2 - Source Disclosure
NaviCOPA Web Server = 3.0.1.2 Remote Source Disclosure Found By: DrIDE Tested On: Windows XPSP3 Download: www.navicopa.com/download.html - Description - NaviCOPA Web Server = 3.0.1.2 is a Windows based HTTP server. This is the latest version of the application available. NaviCOPA is vulnerable to...
Uebimiau Webmail 3.2.0-2.0 Arbitrary Database Disclosure Vuln
No description provided by source. +Script Name : Uebimiau Webmail v3.2.0-2.0 +Bug Type : Arbitrary Admins Database Disclosure Vulnerability +D0rk : "Uebimiau Webmail v3.2.0-2.0" +Author : Septemb0x +Greetz : BHDR & BARCOD3 & MUHADRAM - Thanks : www.gonulerleri.org +Note : Tüm Müslüman Camiasına...
THOMSON ST585 - 'user.ini' Arbitrary Disclosure
==================================== System Information Product Name: ST585 Serial Number: CP0734JTMTR Software Release: 6.2.29.2 Software Variant: AA Boot Loader Version: 1.0.8 Product Code: 36029470 Board Name: BANT-W --- exploit --- - http://192.168.1.254./cgi/b/backup/user.ini Viva Kingdom Of...
THOMSON ST585 - user.ini Arbitrary Disclosure
THOMSON ST585 - user.ini Arbitrary Disclosure ==================================== System Information Product Name: ST585 Serial Number: CP0734JTMTR Software Release: 6.2.29.2 Software Variant: AA Boot Loader Version: 1.0.8 Product Code: 36029470 Board Name: BANT-W --- exploit --- -...