
18 matches found

NVD
added 2026/05/05 12:16 p.m. | 12 views

CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

CVSS 9.3 | EPSS 0.00251
Exploits 0 | References 4

RedhatCVE
added 2026/03/07 1:44 a.m. | 7 views

CVE-2026-28451

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

CVSS 9.3 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 1

OSV
added 2026/03/05 10:16 p.m. | 5 views

CVE-2026-28451

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

CVSS 9.3 | AI score 5.8
Exploits 0 | References 3

EUVD
added 2026/03/05 9:59 p.m. | 5 views

EUVD-2026-9900

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

CVSS 6.3 | AI score 5.9 | EPSS 0.00275
Exploits 0 | References 3

OSV
added 2025/11/05 10:49 p.m. | 22 views

MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities

i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...

CVSS 6.9 | AI score 5.4 | EPSS 0.0041
Exploits 0 | References 6

CVE
added 2025/04/10 6:28 p.m. | 126 views

CVE-2025-32696

CVE-2025-32696 (MediaWiki) is an improper preservation of permissions issue tied to RevertAction and ApiFileRevert, enabling bypass of the "reupload-own" restriction. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; root cause per Debian advisory involves bypass via reverting files. Remediatio...

AI score 6.6 | EPSS 0.00298
Exploits 0 | References 2

OPENSUSE Linux
added 2021/05/26 12:0 a.m. | 55 views

Security update for python-httplib2 (moderate)

openSUSE Security Update: Security update for python-httplib2 Announcement ID: openSUSE-SU-2021:0796-1 Rating: moderate References: 1171998 1182053 Cross-References: CVE-2020-11078 CVE-2021-21240 CVSS scores: CVE-2020-11078 NVD : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2020-11078 SUS...

CVSS 6.8 | AI score 6.8 | EPSS 0.03876
Exploits 1 | References 2

OpenVAS
added 2008/09/24 12:0 a.m. | 21 views

Gentoo Security Advisory GLSA 200711-03 (gallery)

The remote host is missing updates announced in advisory GLSA 200711-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 6.4 | AI score 0.4 | EPSS 0.01695
Exploits 0

OpenVAS
added 2008/09/24 12:0 a.m. | 15 views

Gentoo Security Advisory GLSA 200711-03 (gallery)

The remote host is missing updates announced in advisory GLSA 200711-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4 | AI score 6.7 | EPSS 0.01695
Exploits 0 | References 2

OpenVAS
added 2008/01/17 12:0 a.m. | 18 views

Debian Security Advisory DSA 1404-1 (gallery2)

The remote host is missing an update to gallery2 announced via advisory DSA 1404-1. OpenVAS Vulnerability Test $Id: deb14041.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1404-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS 6.4 | AI score 0.1 | EPSS 0.01695
Exploits 0

OSV
added 2007/11/08 12:0 a.m. | 6 views

DSA-1404-1 gallery2 - privilege escalation

Bulletin has no description...

CVSS 6.4 | AI score 6.7 | EPSS 0.01695
Exploits 0

Tenable Nessus
added 2007/11/06 12:0 a.m. | 23 views

Fedora 7 : gallery2-2.2-0.7.svn20070831.fc7 (2007-2020)

Security fix release for Gallery 2.2 series. CVE text: Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using...

CVSS 6.4 | AI score 5.5 | EPSS 0.01695
Exploits 0 | References 2

Gentoo Linux
added 2007/11/01 12:0 a.m. | 17 views

Gallery: Multiple vulnerabilities

Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...

CVSS 6.4 | AI score 6.8 | EPSS 0.01695
Exploits 0

UbuntuCve
added 2007/09/04 5:17 p.m. | 17 views

CVE-2007-4650

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules...

CVSS 6.4 | AI score 5.9 | EPSS 0.01695
Exploits 0 | References 1

NVD
added 2007/09/04 5:17 p.m. | 7 views

CVE-2007-4650

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules...

CVSS 6.4 | AI score 6.5 | EPSS 0.01695
Exploits 0 | References 14

Prion
added 2007/09/04 5:17 p.m. | 11 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules...

CVSS 6.4 | AI score 6.7 | EPSS 0.01695
Exploits 0 | References 14 | Affected Software 1

Cvelist
added 2007/09/04 5:0 p.m. | 18 views

CVE-2007-4650

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules...

AI score 6.3 | EPSS 0.01695
Exploits 0 | References 14

FreeBSD
added 2007/08/29 12:0 a.m. | 27 views

gallery2 -- multiple vulnerabilities

Gallery project reports: Gallery 2.2.3 addresses the following security vulnerabilities: Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas Unauthorized modification and retrieval of item properties possible with WebDAV Unauthorized locking and replacing of items...

CVSS 6.4 | AI score 6.4 | EPSS 0.01695
Exploits 0