GHSA-2767-2Q9V-9326 OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes
Summary: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes.
Affected Packages / Versions
- Package: openclaw
- Ecosystem: npm
- Affected versions: = 2026.4.12
Impact: QQBot reply media URLs could be treated as trusted media sources, allowing SSRF fetches whose returned...
OpenClaw Sandbox Bypass Vulnerability
OpenClaw is an open-source AI assistant. It suffers from a sandbox bypass vulnerability that an attacker can exploit to read arbitrary local files via the mediaUrl and fileUrl alias parameters, which bypass localRoots validation...
CVE-2026-4984 Botpress - Credential Disclosure via Twilio Webhook Handler
The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature' header. When processing media messages, it fetches the user-controlled URLs supplied in the 'MediaUrlN' parameters using HTTP requests that include the integration's Twilio credentials in the 'Authorization'...
CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-1316
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media.href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers if...
CVE-2026-22027
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-10 01:22:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbztxeohrq22 |
| 2026-01-12 08:39:15+00:00 | seen | https://gist.github.com/Darkcrai86/b176463f12dc368c9fff6d3cb12db099... |
EUVD-2006-4951
Malware in sbrugna...
Pretalx Arbitrary File Read/Limited File Write
This module exploits functionality in Pretalx that exports a conference schedule as a zipped file. Pretalx iteratively includes any file referenced by any HTML tag and does not properly check the file's path, which can lead to arbitrary file read. The module requires credentials that allo...
CVE-2025-7860
| creationtimestamp | type | source |
|---|---|---|
| 2025-07-20 03:21:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3luejgs4pkt2l... |
CVE-2025-48883
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-30 19:07:50+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqfwib3njjc2... |
CVE-2025-4496
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-10 05:26:44+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15884 |
| 2025-05-10 05:41:54+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3losa3ime6rn2 |
| 2025-05-10... | | |
CVE-2023-12345
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-03 17:56:13+00:00 | seen | https://gist.github.com/mranv/8aebbbe6c455c386cbd3fef9d8647ca6 |
| 2025-04-03 17:58:38+00:00 | seen | https://gist.github.com/mranv/eb450fd1403beaf6f27170e086effd8f |
| 2025-04-15 22:57:59+00:00 | seen | ... |
CVE-2024-54509
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-27 22:16:02+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqxpyvtbw2j... |
CVE-2025-23495
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-22 15:18:15+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2dkt5o27 |
| 2025-01-22 20:01:43+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2621... |
CVE-2025-23841
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-16 21:17:56+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7dy6eud2r... |
CVE-2023-46609
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-02 12:16:53+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2lmg36c25 |
| 2025-01-02 14:08:09+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759150982715188... |
CISCO-SA-20190904-IND
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-17 06:41:52+00:00 | seen | https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794610062146... |
CISCO-SA-20190501-ASA
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-17 06:41:50+00:00 | seen | https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794423337300 |
| 2024-12-17 06:41:51+00:00 | seen | https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794528173407... |
CVE-2024-45290 Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...