3663 matches found

CNNVD
added 2024/02/29 12:0 a.m., 5 views

WordPress Plugin ImageRecycle pdf & image compression security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3, AI score 6.6, EPSS 0.0021
Exploits: 0, References: 3

OSV
added 2024/02/28 9:15 a.m., 4 views

CVE-2021-46982

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate posfsstress testcase complains a panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 1 SMP PTI CPU: 4 PID:...

CVSS 4.7, AI score 6.5
Exploits: 0, References: 4

Positive Technologies
added 2024/02/25 12:0 a.m., 6 views

PT-2024-26784

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A descriptor leak issue has been resolved in the Linux kernel. The iaa compress and iaa decompress functions' disable async paths do not free idxd descriptors when req-dst is set to null...

CVSS 5.5, AI score 5.5, EPSS 0.00183
Exploits: 0

SUSE CVE
added 2024/02/24 3:16 a.m., 1 views

SUSE CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 6.4, EPSS 0.00222
Exploits: 0, References: 10

OSV
added 2024/02/22 5:15 p.m., 2 views

DEBIAN-CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 5.3, EPSS 0.00222
Exploits: 0, References: 1

NVD
added 2024/02/22 5:15 p.m., 10 views

CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 5.5, EPSS 0.00222
Exploits: 0, References: 4

Prion
added 2024/02/22 5:15 p.m., 30 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

AI score 7.2, EPSS 0.00222
Exploits: 0, References: 4

OSV
added 2024/02/22 5:15 p.m., 3 views

UBUNTU-CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 5

CVE
added 2024/02/22 4:13 p.m., 534 views

CVE-2024-26590

Summary (CVE-2024-26590) : In the Linux kernel, the EROFS filesystem’s per-file compression format handling could become inconsistent when a crafted image uses an algorithm type not listed in sbi->available_compr_algs. This could trigger a NULL pointer dereference if the corresponding decompre...

CVSS 5.5, AI score 6, EPSS 0.00222
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2024/02/22 4:13 p.m., 14 views

CVE-2024-26590 erofs: fix inconsistent per-file compression format

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

AI score 5.8, EPSS 0.00222
Exploits: 0, References: 4

OSV
added 2024/02/22 4:13 p.m., 4 views

CVE-2024-26590 erofs: fix inconsistent per-file compression format

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 6, EPSS 0.00222
Exploits: 0, References: 7

Debian CVE
added 2024/02/22 4:13 p.m., 21 views

CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 7.3, EPSS 0.00222
Exploits: 0

UbuntuCve
added 2024/02/22 12:0 a.m., 17 views

CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

CVSS 5.5, AI score 5.9, EPSS 0.00222
Exploits: 0, References: 4

CVE
added 2024/02/20 6:56 p.m., 74 views

CVE-2024-1090

CVE-2024-1090 affects the ImageRecycle pdf & image compression WordPress plugin up to version 3.1.13. The issue is a missing capability check in stopOptimizeAll, allowing authenticated users with subscriber-level access and above to modify image optimization settings. Root cause: broken access co...

CVSS 4.3, AI score 5.2, EPSS 0.00347
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/20 6:56 p.m., 79 views

CVE-2024-1336

CVE-2024-1336 refers to the ImageRecycle pdf & image compression WordPress plugin (versions

CVSS 4.3, AI score 5.2, EPSS 0.00208
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/20 6:56 p.m., 74 views

CVE-2024-1335

The ImageRecycle pdf & image compression WordPress plugin (

CVSS 4.3, AI score 5.2, EPSS 0.0021
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/20 6:56 p.m., 79 views

CVE-2024-1091

The CVE-2024-1091 entry concerns ImageRecycle pdf & image compression for WordPress. A missing capability check in the reinitialize function across versions up to and including 3.1.13 leads to unauthorized data modification by authenticated users with subscriber-level access or higher. The vulner...

CVSS 4.3, AI score 5.2, EPSS 0.00347
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/02/20 6:56 p.m., 10 views

CVE-2024-1339 ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Plugin Data Removal in reinitialize

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove...

CVSS 4.3, AI score 6.6, EPSS 0.00208
Exploits: 0, References: 2

Vulnrichment
added 2024/02/20 6:56 p.m., 12 views

CVE-2024-1334 ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...

CVSS 4.3, AI score 6.6, EPSS 0.00246
Exploits: 0, References: 2

Github Security Blog
added 2024/02/16 4:7 p.m., 26 views

Scrapy decompression bomb vulnerability

Impact: Scrapy limits allowed response sizes by default through the DOWNLOAD_MAXSIZE and DOWNLOAD_WARNSIZE settings. However, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to...

CVSS 7.5, AI score 7.1, EPSS 0.00807
Exploits: 1, References: 7, Affected Software: 1