CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

332 matches found

Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting

Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowdtabsactive parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can...

6.1CVSS6.9AI score0.17762EPSS

Exploits2References3

IBM Security Bulletins•added 2026/05/01 11:45 a.m.•1 views

Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.

Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...

7.5CVSS5.8AI score0.0015EPSS

Exploits0Affected Software1

Patchstack•added 2026/04/20 3:1 p.m.•2 views

WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...

5.8AI score

Exploits0Affected Software1

Nuclei•added 2026/04/03 7:34 a.m.•6 views

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure

The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled. id: CVE-2023-406...

7.5CVSS7.1AI score0.46927EPSS

Exploits1References3

VulnCheck KEV•added 2026/03/31 12:0 a.m.•9 views

VulnCheck KEV: CVE-2023-40600

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

7.5CVSS7.8AI score0.46927EPSS

In wildExploits1References2

Patchstack•added 2026/03/27 11:16 a.m.•3 views

WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Attachment Title vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...

5.4CVSS5.9AI score0.00049EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/27 4:59 a.m.•2 views

CVE-2026-4335

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

5.4CVSS6AI score0.00049EPSS

Exploits0References1

EUVD•added 2026/03/26 6:30 a.m.•1 views

EUVD-2026-16087

5.4CVSS6AI score0.00049EPSS

Exploits0References7

Vulnrichment•added 2026/03/26 2:25 a.m.•3 views

CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

5.4CVSS6AI score0.00049EPSS

Exploits0References6

ATTACKERKB•added 2026/03/26 2:25 a.m.•1 views

CVE-2026-4335

5.4CVSS6AI score0.00049EPSS

Exploits0References7

Cvelist•added 2026/03/26 2:25 a.m.•26 views

CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title

5.4CVSS0.00049EPSS

Exploits0References6

CVE•added 2026/03/26 2:25 a.m.•3 views

CVE-2026-4335

The ShortPixel Image Optimizer WordPress plugin (≤ 6.4.3) is vulnerable to Stored Cross-Site Scripting via the attachment post_title. The root cause is insufficient output escaping in getEditorPopup() and media-popup.php, where the attachment title retrieved from get_post() is inserted into an HT...

5.4CVSS6AI score0.00049EPSS

Exploits0References6

CNNVD•added 2026/03/26 12:0 a.m.•2 views

WordPress plugin ShortPixel Image Optimizer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00049EPSS

Exploits0References6

Tenable Nessus•added 2026/03/20 12:0 a.m.•8 views

Next.js Framework 10.x / 11.x / 12.x / 13.x / 14.x / 15.x / 16.x < 16.1.7 Image Optimizer Disk Cache DoS (GHSA-3x4c-7xq6-9pq8)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in the Next.js image optimization feature which lacks a configurable upper limit on disk cache size. An attacker can deliberately generate many unique...

7.5CVSS5.8AI score0.00023EPSS

Exploits0References2

RedhatCVE•added 2026/02/20 1:27 p.m.•1 views

CVE-2026-25370

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through = 6.60.28...

5.3CVSS5.5AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 1:27 p.m.•2 views

CVE-2026-25387

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

4.3CVSS5.5AI score0.00053EPSS

Exploits0References1

Patchstack•added 2026/02/20 7:51 a.m.•2 views

WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Image Optimizer by Elementor versions = 1.7.1...

4.3CVSS5.4AI score0.00053EPSS

Exploits0Affected Software1