30 matches found
CVE-2026-33990
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
UBUNTU-CVE-2026-33990
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
CVE-2026-33990
Docker Model Runner (DMR) is affected by an SSRF in the OCI registry token exchange flow prior to version 1.1.25. When pulling a model, DMR uses the realm URL from the registry’s WWW-Authenticate header without validating the scheme, hostname, or IP range, allowing a malicious OCI registry to dir...
CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
CVE-2026-33990
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
GHSA-X2F5-332J-9XWQ Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
Summary: Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the OCI registry token exchange function when the realm URL from the WWW-Authenticate header is not validated for scheme, hostname, or IP range. An attacker can cause the application to make...
EUVD-2017-6654
Malware in sbrugna...
WordPress Productive Style plugin <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Productive Style versions <= 1.1.23...
CVE-2025-26962
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS. This issue affects Easy Contact Form Lite: from n/a through <= 1.1.25...
WordPress plugin Easy Contact Form Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis (Patchstack Alliance) in WordPress Plugin Easy Contact Form Lite versions <= 1.1.25...
CVE-2025-24732
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25...
WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin BookingPress versions <= 1.1.25...
PT-2025-5546 · Unknown · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress versions 1.1.25 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious scripts into...
WordPress plugin BookingPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin BookingPre...
CVE-2023-30759
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an...
Ricoh Printer Driver Packager NX data forgery vulnerability
Ricoh Printer Driver Packager NX is a tool for IT managers at Ricoh Japan to customize and package printer drivers. A security vulnerability exists in Ricoh Printer Driver Packager NX versions v1.0.02 through v1.1.25, which originated when administrator privileges are required for the installatio...
SUSE CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...