19 matches found

Vulnrichment
added 2026/06/12 6:0 a.m., 6 views

CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...

AI score: 5.2, EPSS: 0.00145
Exploits: 0, References: 1

CVE
added 2026/06/12 6:0 a.m., 54 views

CVE-2026-9269

The CVE pertains to the WordPress plugin “Secure Copy Content Protection and Content Locking” prior to version 5.1.5, which fails to sanitize and escape certain settings. This enables Stored XSS for high-privilege users (e.g., admin), even when unfiltered_html is disallowed (such as in multisite ...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00145
Exploits: 0, References: 1

OSV
added 2026/03/19 12:0 a.m., 6 views

ALSA-2026:5113 Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00662
Exploits: 0, References: 10

Tenable Nessus
added 2025/12/18 12:0 a.m., 2 views

Mozilla Firefox < 10.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory. - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data...

CVSS: 5, AI score: 8.3, EPSS: 0.01859
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/18 12:0 a.m., 4 views

Mozilla Firefox < 10.0

The version of Firefox installed on the remote Windows host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory. - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for...

CVSS: 5, AI score: 8.4, EPSS: 0.01859
Exploits: 0, References: 3

CNNVD
added 2025/06/05 12:0 a.m., 3 views

Qt Security Vulnerability

Qt is a cross-platform application development framework from the Qt open source. A security vulnerability exists in Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0, which originates from a crash triggered by loading a specially crafted ICNS format image file...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00203
Exploits: 0, References: 4

Positive Technologies
added 2024/05/18 12:0 a.m., 6 views

PT-2024-27888 · WordPress · Salient Shortcodes

Name of the Vulnerable Software and Affected Versions: Salient Shortcodes plugin for WordPress versions up to, and including, 1.5.3 Description: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion via the icon shortcode image attribute. This allows authenticated...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00619
Exploits: 0, References: 8

CNVD
added 2023/05/18 12:0 a.m., 7 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-55351)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox due to a failure to properly handle certain icon image files. An attacker could exploit this vulnerability to cause a denial of service...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00761
Exploits: 0, References: 1

CNNVD
added 2023/05/16 12:0 a.m., 3 views

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox due to a failure to properly handle certain icon image files. An attacker could exploit this vulnerability to cause a denial of service...

CVSS: 7.5, AI score: 8.4, EPSS: 0.00761
Exploits: 0, References: 7

SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-8765

The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file...

CVSS: 6.5, AI score: 8.7, EPSS: 0.01643
Exploits: 0, References: 7

OSV
added 2022/08/01 2:15 p.m., 2 views

CVE-2022-34154

Authenticated author or higher user role Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin = 1.0.1 at WordPress...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00979
Exploits: 0, References: 2

OSV
added 2021/03/03 9:15 a.m., 1 view

DEBIAN-CVE-2021-27922

Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large...

CVSS: 7.5, AI score: 6.9, EPSS: 0.04851
Exploits: 0, References: 1

CNVD
added 2019/09/24 12:0 a.m., 1 view

Memory Corruption Vulnerability in WPS Image Processing ico

WPS Photo is an official image viewer from WPS. It is a capable, easy-to-use tool that helps users browse and open a wide variety of image formats. WPS image processing ico memory corrupti...

AI score: 7
Exploits: 0

Snyk
added 2018/04/24 7:29 p.m., 1 view

Integer Overflow or Wraparound

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2image-2.0.2. A specially crafted ICO image can cause an...

CVSS: 8.8, AI score: 7.9, EPSS: 0.02677
Exploits: 0, References: 2

CNVD
added 2017/11/24 12:0 a.m., 1 view

Memory Corruption Vulnerability in EximiousSoft GIF Creator v7.31 Processing ICO Images (CNVD-2017-36513)

EximiousSoft GIF Creator is an animated GIF creator. EximiousSoft GIF Creator suffers from a memory corruption vulnerability when handling the ICO format. An attacker can cause the program to crash by constructing malformed ICO images...

AI score: 7
Exploits: 0

OSV
added 2017/05/04 4:59 a.m., 1 view

DEBIAN-CVE-2017-8765

The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01643
Exploits: 0, References: 1

OSV
added 2015/06/03 1:33 p.m., 5 views

USN-2626-1 qt4-x11, qtbase-opensource-src vulnerabilities

Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to...

CVSS: 6.8, AI score: 7, EPSS: 0.08736
Exploits: 0, References: 6

CNVD
added 2015/05/15 12:0 a.m., 2 views

Qt has multiple buffer overflow vulnerabilities (CNVD-2015-03161)

Qt is a cross-platform application framework. Multiple buffer overflow vulnerabilities exist in Qt versions prior to 4.8.7, and 5.x versions prior to 5.4.2, allowing remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted ICO image...

CVSS: 6.8, AI score: 8.1, EPSS: 0.07186
Exploits: 0, References: 1

securityvulns
added 2005/11/08 12:0 a.m., 35 views

Invision Power Board 2.1 : Multiple XSS Vulnerabilities

Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Risk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...

AI score: 0.5
Exploits: 0