4 matches found
CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy...
PT-2025-23440 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2. Description: A problematic vulnerability was found in the Profile Page component of juzaweb CMS, specifically in the /admin-cp/file-manager/upload file. The issue is related to the manipulation of the Upload...
Orbis CMS 1.0.2 Upload File Exploit
Exploit for php platform in category web applications. Exploit Title: Orbis CMS 1.0.2 Upload File Exploit. Author: Dr.KroOoZ. Software: http://www.novo-ws.com/orbis-cms/orbis-1.0.2.zip. Tested on: Linux - Windows. Dork: "Powered by Orbis CMS". Video :...
Directory traversal
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOptionpagetype parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product...