
23 matches found

Cvelist
added 2026/05/05 11:25 a.m., 27 views

CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

CVSS 7.7, EPSS 0.00044, Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-10243

Malware in sbrugna...

CVSS 6.1, AI score 6.2, EPSS 0.02798, Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-3863

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00632, Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2013-4399

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.03838, Exploits 0, References 10

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-35059

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.2, EPSS 0.00218, Exploits 2, References 1

CNVD
added 2025/05/22 12:0 a.m., 2 views

Car Rental Project Unlimited Upload Vulnerability

Car Rental Project is a car rental program. Car Rental Project has an unlimited upload vulnerability that stems from the lack of valid validation of uploaded files by the parameters img1/img2/img3/img4/img5 in the file /admin/post-avehical.php. No details of the vulnerability are available at thi...

CVSS 7.2, AI score 7, EPSS 0.00318, Exploits 1, References 1

CNNVD
added 2025/05/21 12:0 a.m., 1 views

CampCodes Online Shopping Portal code issue vulnerability

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. A code issue vulnerability exists in CampCodes Online Shopping Portal version 1.0, which stems from improper manipulation of the productimage1/productimage2/productimage3 parameter in file...

CVSS 7.2, AI score 5.1, EPSS 0.00318, Exploits 1, References 5

OSV
added 2025/05/19 10:15 a.m., 1 views

CVE-2025-4926

A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched...

CVSS 7.2, AI score 5.5, EPSS 0.00318, Exploits 1, References 5

CNNVD
added 2025/05/19 12:0 a.m., 2 views

PHPGurukul Car Rental Project security vulnerability

Car Rental Project is a car rental program. Car Rental Project has an unlimited upload vulnerability that stems from the lack of valid validation of uploaded files by the parameters img1/img2/img3/img4/img5 in the file /admin/post-avehical.php. No details of the vulnerability are available at thi...

CVSS 7.2, AI score 7, EPSS 0.00318, Exploits 1, References 1

OSV
added 2025/04/03 2:12 p.m., 3 views

BIT-JOOMLA-2021-23125 [20210103] - Core - XSS in com_tags image parameters

An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors...

CVSS 6.1, AI score 5.8, EPSS 0.02798, Exploits 0, References 2

OSV
added 2024/09/20 4:15 p.m., 1 views

CVE-2024-9038

A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attac...

CVSS 9.8, AI score 5, Exploits 0, References 4

NVD
added 2022/10/10 9:15 p.m., 11 views

CVE-2022-2823

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...

CVSS 4.8, EPSS 0.00218, Exploits 2, References 1

CNNVD
added 2022/10/10 12:0 a.m., 2 views

WordPress plugin Slider, Gallery, and Carousel by MetaSlider cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 4.8, AI score 5, EPSS 0.00218, Exploits 2, References 2

CNVD
added 2021/01/13 12:0 a.m., 1 views

Joomla! cross-site scripting vulnerability (CNVD-2021-03991)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 3.1.0-3.9.23. The...

CVSS 6.1, AI score 6.2, EPSS 0.02798, Exploits 0, References 1

CNNVD
added 2021/01/12 12:0 a.m., 1 views

Open Source Matters Joomla cross-site scripting vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 3.1.0-3.9.23. The...

CVSS 6.1, AI score 6.2, EPSS 0.02798, Exploits 0, References 4

Joomla! Vulnerable Extensions List
added 2020/09/01 12:0 a.m., 33 views

[20210103] - Core - XSS in com_tags image parameters

Lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors...

CVSS 6.1, AI score 3.2, EPSS 0.02798, Exploits 0, Affected Software 1

OSV
added 2019/05/15 5:29 p.m., 0 views

CVE-2019-1729

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root...

CVSS 6, AI score 6.6, Exploits 0, References 2

Fedora
added 2017/09/30 7:30 a.m., 28 views

[SECURITY] Fedora 27 Update: rawtherapee-5.2-2.fc27

Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...

CVSS 7.5, AI score 3, EPSS 0.00184, Exploits 0

NVD
added 2015/01/27 8:4 p.m., 12 views

CVE-2015-1366

Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter...

CVSS 4.3, AI score 5.9, EPSS 0.04875, Exploits 0, References 10

RedHat Linux
added 2013/03/06 6:58 p.m., 0 views

OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which...

CVSS 10, AI score 7.8, EPSS 0.91612, Exploits 10, References 5