3091 matches found
Essential Grid <= 3.1.0 - Cross-Site Scripting
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability in ThemePunch OHG Essential Grid plugin = 3.1.0 versions. id: CVE-2023-47684 info: name: Essential Grid = 3.1.0 - Cross-Site Scripting author: 0xpugal severity: medium description: | Unauthenticated Reflected Cross-Site Scripting XS...
Post Grid <= 2.2.50 - Information Exposure via REST API
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. id: CVE-2023-40211 info: name: Post Grid = 2.2.50 - Information Exposure via REST API...
GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow
Summary On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use Address Sanitizer, which ignores...
EUVD-2026-40387
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...
PT-2026-53942
Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, and ObjectInputStreamResolver do not install a JEP-290 class filter, which i...
SUSE SLED15: gdk-pixbuf-loader-libheif / libheif-aom / libheif-dav1d / etc (SUSE-SU-2026:2622-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2622-1 advisory. This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read i...
SUSE-SU-2026:2622-1 Security update for libheif
This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libheif vulnerabilities (USN-8454-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8454-1 advisory. Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files...
CVE-2017-20280
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
CVE-2017-20280
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
EUVD-2017-19007
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
Astra Linux – Vulnerability in virglrenderer
A NULL pointer dereferencing in the vrendrenderer.c file of virglrenderer during versions 0.8.1 allows attackers to cause a denial of service by using commands that attempt to launch a grid without first providing a Compute Shader CS...
PT-2026-50961
Name of the Vulnerable Software and Affected Versions Joomla Component Myportfolio version 3.0.2 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...
PT-2026-50948
Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...
USN-8454-1: libheif vulnerabilities
Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...
CVE-2026-12360
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...
Malicious code in dash-grid-normalizer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...
MAL-2026-5725 Malicious code in dash-grid-normalizer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...
CVE-2026-9019
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-9019
CVE-2026-9019 affects the WordPress plugin Easy Image Collage (versions up to and including 1.13.6). The issue is a Stored Cross-Site Scripting (Stored XSS) vulnerability arising from insufficient input sanitization and output escaping in the parameters grid[properties][borderColor] and grid[imag...