10 matches found
OpenClaw Sandbox Bypass Vulnerability
OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw has a sandbox bypass vulnerability that an attacker can exploit to read arbitrary local files using mediaUrl and fileUrl alias parameters that bypass localRoots validation...
WordPress Header Footer Script Adder Plugin Cross-Site Scripting Vulnerability
WordPress Header Footer Script Adder plugin is a plugin that allows users to insert custom code in the header and footer areas of a website. The WordPress Header Footer Script Adder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
Arbitrary File Deletion Vulnerability in the Jiangxi Minsoft Technology Co., Ltd. MCms Back End
The business scope of Jiangxi Minsoft Technology Co., Ltd. includes information technology consulting services, Internet information services, computer software technology development, and so on. An arbitrary file deletion vulnerability exists in the Jiangxi Minsoft Technology Co., Ltd. MCms back end; an attacker can us...
cpp-httplib injection vulnerability
cpp-httplib is an HTTP/HTTPS server and client library written in C++. A security vulnerability exists in cpp-httplib version 0.5.8 and earlier, which stems from the program's failure to filter string-laden arguments passed to the 'set_redirect' and 'set_header' functions. The vulnerability can be...
SQL Injection Vulnerability in Kaixin Quote System V2.0 da***.aspx Page
The QI Quotation System is used primarily by manufacturing companies to monitor incoming BOM list prices. The system automatically records the past quoted prices of BOM products so that purchasing staff can easily give new quotes. A SQL injection vulnerability exists in the Qixing...
SQL injection vulnerability in zzzphp sa***.php page
zzzphp is a free website builder developed in PHP. A SQL injection vulnerability exists in the zzzphp sa.php page, which attackers can exploit to obtain sensitive information...
Google V8 Out of Bounds Write 'Array.prototype.map' Built-in Denial of Service Vulnerability
Google V8 is a Web browser developed by the American company Google. An out-of-bounds write denial of service vulnerability exists in the 'Array.prototype.map' built-in of Google V8. A remote attacker could exploit this vulnerability to cause a denial of service...
Advantech WebAccess RtspVapgDecoderNew2 SetLangStringHex Out-of-Scope Access Remote Code Execution Vulnerability
Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. The lack of proper validation of user-supplied data leads ...
SQL Injection Vulnerability in addr_edite Method of ShopSn V2.0 Mall System
The ShopsN Mall system, a product of Shanghai Yiso Network Technology Co., Ltd, is an enterprise-class, commercial-standard, full-featured open source online store system that allows free commercial use. A SQL injection vulnerability exists in the userid parameter in the addr_edite method o...
PHP 5.0.0 'snmpwalkoid()' Local Denial of Service Vulnerability
PHP is a new language for writing CGI programs. A local denial of service vulnerability exists in 'snmpwalkoid' in PHP 5.0.0, which attackers can exploit to launch denial of service attacks...