Lucene search
K

13 matches found

NVD
NVD
added 2026/05/05 12:16 p.m.9 views

CVE-2026-43532

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

7.7CVSS0.00259EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.7 to 2026.4.10 contains security vulnerabilities. These vulnerabilities stem from the lack of standardization of Discord event cover image parameters during sandbox media...

7.7CVSS5.8AI score0.00259EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/17 9:56 p.m.14 views

OpenClaw: Discord event cover images bypassed sandbox media normalization

Summary Discord event cover images bypassed sandbox media normalization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.10 Impact Discord event cover image parameters could bypass the sandbox media normalization path used for outbound...

7.7CVSS5.7AI score0.00259EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/05 9:13 a.m.10 views

CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/01 2:16 p.m.5 views

CVE-2025-65676

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

5.4CVSS6.5AI score0.00201EPSS
Exploits2References1
EUVD
EUVD
added 2025/11/26 9:31 p.m.6 views

EUVD-2025-199749

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

5.9AI score0.00201EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/11/26 12:0 a.m.18 views

CVE-2025-65676

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

0.00201EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.3 views

CVE-2025-65676

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

6AI score0.00201EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2025/11/25 12:0 a.m.153 views

📄 Classroomio LMS 0.1.13 Cross Site Scripting

Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files. CVE-2025-65676 Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

5.4CVSS6.6AI score0.00201EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/02/06 2:57 a.m.7 views

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

9.8CVSS6.5AI score0.01166EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/07 3:46 p.m.27 views

CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

9.8CVSS0.01166EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/07 3:46 p.m.6 views

CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

9.8CVSS6.5AI score0.01166EPSS
Exploits1References2
Hacker One
Hacker One
added 2017/04/18 3:33 p.m.29 views

Trello: Malicious file can be hidden as Card Attachment or Card Cover image

You can upload infected jpeg files to a card. If a user clicks on the attachment image, the infected file will get downloaded instead of showing the image. On opening it, any sort of system calls can be run on the victim. Steps to Reproduce 1 Navigate to https://trello.com/ 2 Click on the Tutoria...

6.9AI score
Exploits0
Rows per page
Query Builder