Lucene search

9 matches found

Snyk
added 2026/05/28 6:7 a.m. | 7 views

External Control of File Name or Path

Overview: org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...

CVSS 8.8 | AI score 5.9 | EPSS 0.00444
Exploits: 0 | References: 2
AlpineLinux
added 2026/05/27 2:13 p.m. | 10 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

CVSS 8.8 | AI score 5.9 | EPSS 0.00444
Exploits: 0 | References: 1
CVE
added 2026/05/27 2:13 p.m. | 11 views

CVE-2026-48920

CVE-2026-48920 affects Jenkins’ Email Extension Plugin (versions 1933.v45cec755423f and earlier). The vulnerability arises when inlining images as base64 via the data-inline attribute, with no restrictions on inlined image URLs, enabling an attacker-controlled email to specify file: URLs an...

CVSS 8.8 | AI score 5.9 | EPSS 0.00444
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/05/27 2:13 p.m. | 7 views

EUVD-2026-32511

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

CVSS 8.8 | AI score 5.9 | EPSS 0.00444
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/27 2:13 p.m. | 7 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

AI score 5.9 | EPSS 0.00444
Exploits: 0 | References: 1
Snyk
added 2026/01/12 11:55 p.m. | 3 views

Use of NullPointerException Catch to Detect NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to Use of NullPointerException Catch to Detect NULL Pointer Dereference in the MultimodalTokenize function that improperly processes NULL from mtmd_helper_bitmap_init_from_buf function of vendored llama.cpp. An attacker can cause the applicatio...

CVSS 8.7 | AI score 5.8 | EPSS 0.0014
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/12 11:3 p.m. | 3 views

CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

CVSS 8.7 | AI score 6.6 | EPSS 0.0014
Exploits: 1 | References: 4
Positive Technologies
added 2023/02/14 12:0 a.m. | 3 views

PT-2023-18775 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.4
Description: The issue allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image in a View. This affects instances with Splunk Web enabled.
Recommendations: For versions...

CVSS 8.7 | AI score 6.3 | EPSS 0.00639
Exploits: 0 | References: 7
Microsoft KB
added 2019/01/08 8:0 a.m. | 66 views

End of support for Office 2016 and Office 2019


CVSS 9.3 | AI score 6.7 | EPSS 0.22777
Exploits: 0