GHSA-9MPH-4F7V-FMVH OpenClaw has agent avatar symlink traversal in gateway session metadata
Summary A crafted local avatar path could follow a symlink outside the agent workspace and return arbitrary file contents as a base64 data: URL in gateway responses. Impact - Confidentiality impact: local file read in the gateway process context. - Exfiltration path: agents.list can return the...
CVE-2026-2692
A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the argument Avatar results in path traversal. The attack can be initiated remotely. The exploit has be...
PT-2026-20571
Name of the Vulnerable Software and Affected Versions CoCoTeaNet CyreneAdmin versions up to 1.3.0 Description A path traversal issue exists in the Image Handler component of CoCoTeaNet CyreneAdmin. The issue is located in the /api/system/user/getAvatar file, where manipulation of the Avatar...
CVE-2025-11941
CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...
EUVD-2025-16452
Malicious code in bioql PyPI...
EUVD-2025-25414
Malicious code in bioql PyPI...
CVE-2025-48480
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERMEDITUSERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's...
CVE-2025-48480 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERMEDITUSERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's...
CVE-2020-35437
Subrion CMS 4.2.1 is affected by: Cross Site Scripting XSS through the avatarpath parameter in a POST request to the /core/profile/ URI...
Subrion CMS 4.2.1 Cross Site Scripting
Exploit Title: Subrion CMS 4.2.1 - 'avatarpath' XSS Date: 2020-12-15 Exploit Author: icekam Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: Subrion CMS 4.2.1 CVE : CVE-2020-35437 stored xss vulnerability in /core/profile/. Reproduce through the...
Subrion CMS 4.2.1 - 'avatar[path]' XSS
Exploit Title: Subrion CMS 4.2.1 - 'avatarpath' XSS Date: 2020-12-15 Exploit Author: icekam Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: Subrion CMS 4.2.1 CVE : CVE-2020-35437 stored xss vulnerability in /core/profile/. Reproduce through the...
Subrion Cross-Site Scripting Vulnerability (CNVD-2020-75156)
Subrion is a powerful and easy to use PHP content management system with full source editing, per page permissions, user activity monitoring and other powerful features. A cross-site scripting vulnerability exists in Subrion 4.2.1. The vulnerability can be exploited to conduct a cross-site...
Subrion CMS Cross-Site Scripting Vulnerability
Subrion is a powerful and easy to use PHP content management system with full source editing, per page permissions, user activity monitoring and other powerful features. A cross-site scripting vulnerability exists in Subrion 4.2.1. The vulnerability can be exploited to conduct a cross-site...
Advanced HRM Remote Code Execution Vulnerability
Advanced HRM is a human resource management system. A security vulnerability exists in Advanced HRM version 1.6. A remote attacker can exploit the vulnerability by sending a .php file with PHP code to the user/update-user-avatar URI to execute code...