10 matches found

CVE
added 2026/05/05 11:25 a.m., 7 views

CVE-2026-43532

OpenClaw 2026.4.7

CVSS 7.7, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/05/05 11:25 a.m., 5 views

EUVD-2026-27275

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

CVSS 7.7, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 3

Vulnrichment
added 2026/05/05 11:25 a.m., 3 views

CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

CVSS 7.7, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 3

RedhatCVE
added 2025/11/16 6:53 a.m., 5 views

CVE-2025-12849

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cg_check_wp_admin_upload_v10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...

CVSS 5.3, AI score 6.2, EPSS 0.0023
Exploits: 0, References: 1

Cvelist
added 2025/11/15 6:41 a.m., 7 views

CVE-2025-12849 Contest Gallery <= 28.0.2 - Missing Authorization

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cg_check_wp_admin_upload_v10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...

CVSS 5.3, EPSS 0.0023
Exploits: 0, References: 7

Vulnrichment
added 2025/11/15 6:41 a.m., 2 views

CVE-2025-12849 Contest Gallery <= 28.0.2 - Missing Authorization

The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the cg_check_wp_admin_upload_v10 AJAX action for both authenticated and unauthenticated users without implementing capability checks or non...

CVSS 5.3, AI score 5.7, EPSS 0.0023
Exploits: 0, References: 7

CVE
added 2025/11/15 6:41 a.m., 21 views

CVE-2025-12849

The CVE-2025-12849 vulnerability affects the WordPress Contest Gallery plugin and is confirmed in connected sources as an authorization bypass in versions up to 28.0.2, exploitable via the cg_check_wp_admin_upload_v10 AJAX action that can be triggered by unauthenticated users to inject media and ...

CVSS 5.3, AI score 5.8, EPSS 0.0023
Exploits: 0, References: 7

CNNVD
added 2025/11/15 12:0 a.m., 1 views

WordPress plugin Contest Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...

CVSS 5.3, AI score 6.8, EPSS 0.0023
Exploits: 0, References: 8

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-4047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages ...

CVSS 6.8, AI score 6.8, EPSS 0.05566
Exploits: 0, References: 2

CNNVD
added 2025/08/01 12:0 a.m., 3 views

rtpengine access control error vulnerability

rtpengine is a media proxy software from Sipwise Open Source. An access control error vulnerability exists in rtpengine versions prior to 13.4.1.1, which stems from a source validation error in the endpoint learning logic that could lead to the injection or interception of RTP/SRTP media streams...

CVSS 6.9, AI score 6.6, EPSS 0.00777
Exploits: 0, References: 5