18 matches found
CVE-2026-43526
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...
CVE-2026-28451
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...
CVE-2026-28451
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...
EUVD-2026-9900
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...
CVE-2025-32696
CVE-2025-32696 (MediaWiki) is an improper preservation of permissions issue tied to RevertAction and ApiFileRevert, enabling bypass of the "reupload-own" restriction. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; root cause per Debian advisory involves bypass via reverting files. Remediatio...
Security update for python-httplib2 (moderate)
openSUSE Security Update: Security update for python-httplib2 Announcement ID: openSUSE-SU-2021:0796-1 Rating: moderate References: 1171998 1182053 Cross-References: CVE-2020-11078 CVE-2021-21240 CVSS scores: CVE-2020-11078 NVD : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2020-11078 SUS...
Gentoo Security Advisory GLSA 200711-03 (gallery)
The remote host is missing updates announced in advisory GLSA 200711-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200711-03 (gallery)
The remote host is missing updates announced in advisory GLSA 200711-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1404-1 (gallery2)
The remote host is missing an update to gallery2 announced via advisory DSA 1404-1. OpenVAS Vulnerability Test $Id: deb14041.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1404-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
DSA-1404-1 gallery2 - privilege escalation
Bulletin has no description...
Fedora 7 : gallery2-2.2-0.7.svn20070831.fc7 (2007-2020)
Security fix release for Gallery 2.2 series. CVE text: Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using...
Gallery: Multiple vulnerabilities
Background: Gallery is a PHP based photo album manager. Description: Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact: A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...
CVE-2007-4650
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules...
CVE-2007-4650
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules...
CVE-2007-4650
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules...
gallery2 -- multiple vulnerabilities
Gallery project reports: Gallery 2.2.3 addresses the following security vulnerabilities: Unauthorized renaming of items possible with WebDAV (reported by Merrick Manalastas); Unauthorized modification and retrieval of item properties possible with WebDAV; Unauthorized locking and replacing of items...