Lucene search
K

16 matches found

Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.8 views

CVE-2026-44116 OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation

OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.3 views

CVE-2026-33644

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

4.3CVSS5.8AI score0.00217EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 9:17 p.m.5 views

CVE-2026-33644

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

4.3CVSS0.00217EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 8:4 p.m.29 views

CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

2.3CVSS0.00217EPSS
Exploits1References2
CVE
CVE
added 2026/03/26 8:4 p.m.17 views

CVE-2026-33644

CVE-2026-33644 describes an SSRF bypass in Lychee prior to 7.5.2. The issue lies in the PhotoUrlRule.php validation: the IP address check (lines 86–89) activates only when the hostname is an IP, so domain names resolve to internal IPs and bypass the check, enabling potential SSRF. A patch is avai...

4.3CVSS5.8AI score0.00217EPSS
Exploits1References2Affected Software1
Hacker One
Hacker One
added 2026/01/21 3:7 a.m.10 views

Nextcloud: IDOR on ██████ via direct photo URL leads to unauthorized access to deleted and other users' photos

Summary: An Insecure Direct Object Reference IDOR vulnerability exists in the application that allows unauthorized access to photos belonging to other users. The application does not properly validate whether the logged-in user is authorized to access a photo when accessing it via direct URL. Thi...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42670

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00436EPSS
Exploits4References1
0day.today
0day.today
added 2023/09/04 12:0 a.m.305 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Photo URL and YouTube URL) Vulnerability

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 ...

6.1CVSS7.1AI score0.00436EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.398 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (&#039;Photo URL&#039; and &#039;YouTube URL&#039; )

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...

6.1CVSS6.4AI score0.00436EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.334 views

CSZ CMS 1.3.0 Cross Site Scripting

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...

6.1CVSS7.1AI score0.00468EPSS
Exploits7
OSV
OSV
added 2023/08/18 7:15 p.m.3 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS5.9AI score0.00436EPSS
Exploits4References1
NVD
NVD
added 2023/08/18 7:15 p.m.33 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS6.1AI score0.00436EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2023/08/18 7:15 p.m.3 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS6.5AI score0.00436EPSS
Exploits4References3
Prion
Prion
added 2023/08/18 7:15 p.m.10 views

Cross site scripting

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

5.8CVSS6AI score0.00436EPSS
Exploits4References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/18 12:0 a.m.2 views

PT-2023-26681 · Unknown +2 · Carousel Wiget +3

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing the carousel widget created above, in 'Photo URL' and 'YouTube...

6.1CVSS5.9AI score0.00436EPSS
Exploits4References5
Hacker One
Hacker One
added 2014/01/14 5:4 p.m.347 views

HackerOne: Upload profile photo from URL

Using this vulnerability users can upload images from any image URL. Just change upload type using inspect element from "type=file" to "type=url" , paste URL in text field and hit enter or click on "Update Profile". Your profile photo will be changed to photo from URL. P.S Im sorry for my bad...

7.5CVSS1.8AI score0.03053EPSS
Exploits0
Rows per page
Query Builder