Lucene search
K

129 matches found

Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33849

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.9AI score0.00155EPSS
Exploits0References4
Debian
Debian
added 2026/03/30 3:9 p.m.4 views

[SECURITY] [DLA 4517-1] roundcube security update

Debian LTS Advisory DLA-4517-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 30, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u8 CVE ID : not yet available Debian Bug : 1131182 1132268 Multiple vulnerabilities were...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/02/21 5:36 a.m.23 views

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

9.1CVSS0.005EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/02/13 1:22 p.m.5 views

CVE-2026-1356

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::loadimagesource function. This makes it possible for unauthenticated attackers to make web requests...

4.8CVSS5.7AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/12 9:25 a.m.27 views

CVE-2026-1356 Converter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::loadimagesource function. This makes it possible for unauthenticated attackers to make web requests...

4.8CVSS0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.10 views

PT-2026-7833

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load image source function. This makes it possible for unauthenticated attackers to make web reques...

4.8CVSS5.7AI score0.00229EPSS
Exploits0References3
NVD
NVD
added 2025/12/15 9:15 p.m.9 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS0.00205EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.5 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.1CVSS6.1AI score0.00205EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.27 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.1CVSS0.00205EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.10 views

CVE-2025-12651

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46284

Name of the Vulnerable Software and Affected Versions Live Photos on WordPress plugin versions prior to 0.1 Description The Live Photos on WordPress plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.00161EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.9 views

WordPress plugin Live Photos on WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11693

Malware in sbrugna...

4.3CVSS4.7AI score0.00768EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12635

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.00375EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-2935

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-56860

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00481EPSS
Exploits0References1
OSV
OSV
added 2025/09/29 9:15 p.m.7 views

CVE-2025-34212

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

9.8CVSS6.4AI score0.00627EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/07/22 5:4 p.m.12 views

CVE-2025-7903

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

5.4CVSS4.6AI score0.0024EPSS
Exploits1References1
NVD
NVD
added 2025/07/20 5:15 p.m.7 views

CVE-2025-7903

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

5.4CVSS0.0024EPSS
Exploits1References4
OSV
OSV
added 2025/07/20 5:15 p.m.10 views

CVE-2025-7903

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

5.4CVSS6.6AI score
Exploits0References4
Rows per page
Query Builder