Lucene search

14 matches found

RedhatCVE
added 2026/04/01 5:3 p.m., 4 views

CVE-2026-33576

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 1

Github Security Blog
added 2026/03/31 11:50 p.m., 9 views

OpenClaw: Zalo channel downloads media before sender authorization

Summary: The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact: Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...

6.9 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2026/03/31 11:50 p.m., 5 views

GHSA-V2V2-F783-358J OpenClaw: Zalo channel downloads media before sender authorization

Summary: The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact: Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...

9.8 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 5

Cvelist
added 2026/03/31 2:10 p.m., 22 views

CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9 CVSS, 0.00355 EPSS
Exploits 0, References 3

ATTACKERKB
added 2026/03/31 2:10 p.m., 8 views

CVE-2026-33576

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 4

Vulnrichment
added 2026/03/31 2:10 p.m., 2 views

CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/03/31 12:0 a.m., 25 views

PT-2026-29256

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

9.8 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/02/21 7:30 p.m., 6 views

CVE-2025-69405

Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection. This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.11...

9.8 CVSS, 5.9 AI score, 0.00375 EPSS
Exploits 0, References 1

CVE
added 2026/02/20 3:46 p.m., 8 views

CVE-2025-69405

CVE-2025-69405 involves a Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store theme. Affected versions are WordPress Theme Lorem Ipsum (lorem-ipsum-books-media-store) up to and including 1.2.11 (per NVD/Red Hat entries); Red Hat/Wordfence notes the issue ...

9.8 CVSS, 5.9 AI score, 0.00375 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/02/20 3:46 p.m., 4 views

CVE-2025-69405 WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection. This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.11...

5.9 AI score, 0.00375 EPSS
Exploits 0, References 1

Cvelist
added 2026/02/20 3:46 p.m., 23 views

CVE-2025-69405 WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection. This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.11...

9.8 CVSS, 0.00375 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21186

Name of the Vulnerable Software and Affected Versions: ThemeREX Lorem Ipsum | Books & Media Store versions through 1.2.6. Description: The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to...

5.6 AI score, 0.00375 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/20 12:0 a.m., 8 views

WordPress plugin Lorem Ipsum | Books & Media Store code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

9.8 CVSS, 5.9 AI score, 0.00375 EPSS
Exploits 0, References 1

Patchstack
added 2026/02/11 10:48 a.m., 5 views

WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lorem Ipsum | Books & Media Store versions <= 1.2.6...

9.8 CVSS, 5.6 AI score, 0.00375 EPSS
Exploits 0, Affected Software 1