GHSA-35CQ-WV6V-88XF Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...

nuxt-og-image 跨站脚本漏洞

nuxt-og-image is a tool developed by Nuxt Modules for generating social media previews for Nuxt applications. Versions of nuxt-og-image prior to version 6.2.5 had a cross-site scripting vulnerability. This vulnerability stemmed from the image generation component, which allowed arbitrary attribut...

CVE-2025-62154

Missing Authorization vulnerability in recorp AI Content Writing Assistant Content Writer, ChatGPT, Image Generator All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant Content Writer,...

CVE-2025-62747

Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through = 1.3.4...

CVE-2025-62747

Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through = 1.3.4...

CVE-2025-62747 WordPress Featured Image Generator plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3...

CVE-2025-62747 WordPress Featured Image Generator plugin <= 1.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through = 1.3.4...

EUVD-2025-206000

Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3...

CVE-2025-62747

CVE-2025-62747: Missing Authorization in Featured Image Generator (WordPress plugin) enables access control bypass in versions up to 1.3.3. CVSS 3.1/5.3 (base). Exploitation status and specific fix are not provided in the documents; monitor for official patch/media advisories for remediation guid...

WordPress Featured Image Generator plugin <= 1.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Featured Image Generator versions = 1.3.3...

PT-2025-54371

Name of the Vulnerable Software and Affected Versions Aum Watcharapon Featured Image Generator versions through 1.3.3 Description An authorization issue exists in Aum Watcharapon Featured Image Generator due to incorrectly configured access control security levels. This allows for an authorizatio...

WordPress plugin Featured Image Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”...

WordPress S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated Editor+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin S2B AI Assistant versions = 1.7.8...

CVE-2025-12847

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint...

CVE-2025-12847 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint...

EUVD-2024-45872

Malicious code in bioql PyPI...

EUVD-2025-3566

Malicious code in bioql PyPI...

EUVD-2024-43529

Malicious code in bioql PyPI...

WordPress AI Image Lab - Free AI Image Generator plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AI Image Lab - Free AI Image Generator plugin, which stems from missing or incorrect validation of random...