163 matches found
CVE-2026-1373 Easy Author Image <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL
The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'authorprofilepictureurl' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2018-1373
Malware in sbrugna...
CVE-2019-1373
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'...
CVE-2025-1373
A flaw was found in FFmpeg. This vulnerability allows a null pointer dereference function in libavformat/mov.c, leading to potential crashes when processing maliciously crafted MOV files. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet t...
CVE-2025-1373
creationtimestamp| type| source
---|---|---
2025-02-17 04:15:36+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lidv5efpal23
2025-02-17 06:39:27+00:00| seen| Telegram/BBQmikLzBulDf9bK-QvRj3sNwtSLx6KbuNb1DQqEFl3zUDni
2025-02-17 07:00:53+00:00| seen|...
CVE-2025-1373
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...
CVE-2025-1373 FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...
Metasploit Weekly Wrap-Up 07/26/2024
New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...
Softing Secure Integration Server 1.22 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' require 'metasploit/framework/loginscanner/softingsis' class MetasploitModule 'Softing Secure Integration Server v1.22 Remote Code Execution', 'Description...
CVE-2024-1373
creationtimestamp| type| source
---|---|---
2024-03-11 11:26:27+00:00| seen| https://t.me/ctinow/204607
2024-03-11 11:26:28+00:00| seen| https://t.me/ctinow/204608
...
CVE-2019-1373
creationtimestamp| type| source
---|---|---
2024-02-11 14:07:14+00:00| seen| https://t.me/ctinow/182786
...
CVE-2023-1373
creationtimestamp| type| source
---|---|---
2023-04-17 16:42:04+00:00| seen| https://t.me/cibsecurity/62287
...
CVE-2023-1373 W4 Post List < 2.4.6 - Reflected XSS
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-1373
The CVE-2023-1373 entry concerns the WordPress plugin W4 Post List, affected up to version 2.4.6. The root cause is insufficient escaping of URLs output in HTML attributes, leading to a reflected XSS vulnerability. Impact is described as Reflected Cross-Site Scripting with low confidentiality/int...