Lucene search
K

59 matches found

NVD
NVD
added 9 hours ago7 views

CVE-2026-58657

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS
Exploits0References4
Cvelist
Cvelist
added 9 hours ago5 views

CVE-2026-58657 Grav - Stored CSS Injection via Markdown Image resize() Action

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS
Exploits0References4
EUVD
EUVD
added 9 hours ago3 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005485 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sitbitmapsize w/ below testcase, resize will generate a corrupted...

5.5CVSS6.7AI score0.00146EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.4 views

Debian dla-4486 : nova-api - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4486 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References4
Debian
Debian
added 2026/02/19 8:53 p.m.6 views

[SECURITY] [DSA 6145-1] nova security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.5AI score0.00341EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.6 views

Debian dsa-6145 : nova-api - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6145 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/17 3:0 p.m.5 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.9AI score0.00341EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/01/13 9:51 p.m.8 views

org.iplass:iplass-admin (>=4.0.0 <=4.0.20), org.iplass:iplass-gem (>=4.0.0 <=4.0.20) +7 more potentially affected by CVE-2025-15056 via org.webjars.npm:quill (>=2.0.0-rc.2 <=2.0.2)

org.webjars.npm:quill MAVEN version =2.0.0-rc.2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =2.10.2, =2.10.3-ssr.3 Source cves: CVE-2025-15056 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14927398...

6.1CVSS5.4AI score0.00221EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-20315

Name of the Vulnerable Software and Affected Versions OpenStack Nova affected versions not specified Description The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References19
NVD
NVD
added 2025/11/15 4:15 a.m.4 views

CVE-2025-12182

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

4.3CVSS0.00195EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989672 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4...

5.5CVSS6.1AI score0.00272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-1607

Malware in sbrugna...

9.3CVSS8AI score0.05589EPSS
Exploits1References32
OSV
OSV
added 2025/07/04 2:15 p.m.2 views

DEBIAN-CVE-2025-38218

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sitbitmapsize w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s...

5.5CVSS5.7AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.3 views

WordPress plugin Ultimate Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS8AI score0.00564EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.9 views

Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback

Description The Acme Fix Images plugin for WordPress is vulnerable to unauthorized access to the acmefiximagesajaxcallback function in versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to resize images...

6.8AI score0.00328EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.3 views

SUSE CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

8.8CVSS9.1AI score0.05589EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.4 views

SUSE CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...

7.5CVSS9.2AI score0.02711EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.4 views

SUSE CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

7.5CVSS9.2AI score0.0342EPSS
Exploits1References10
OSV
OSV
added 2021/11/10 7:33 p.m.3 views

GHSA-5HX2-QX8J-QJQM Overflow/crash in `tf.image.resize` when size is large

Impact If tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. python import tensorflow as tf import numpy as np tf.keras.layers.UpSampling2D size=1610637938, dataformat='channelsfirst',...

5.5CVSS6AI score0.0023EPSS
Exploits1References8
Rows per page
Query Builder