Lucene search
+L

44 matches found

snyk
snyk
added 2026/04/13 10:11 p.m.7 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS5.8AI score0.0018EPSS
Exploits0References2
snyk
snyk
added 2026/04/13 10:11 p.m.7 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in EncodeImageAttributes in the YAML and JSON encoders. An attacker can cause a crash. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...

6.9CVSS5.8AI score0.0018EPSS
Exploits0References2
patchstack
patchstack
added 2026/03/22 10:11 p.m.7 views

WordPress Autoptimize plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability discovered by stealthcopter in WordPress Plugin Autoptimize versions = 3.1.14...

6.4CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/03/20 11:25 p.m.26 views

CVE-2026-2430 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...

6.4CVSS0.00198EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/03/09 8:2 a.m.6 views

CVE-2026-30830

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

6.1CVSS5.7AI score0.00252EPSS
Exploits1References1
nvd
nvd
added 2026/03/07 6:16 a.m.6 views

CVE-2026-30830

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

6.1CVSS0.00252EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/07 5:49 a.m.5 views

CVE-2026-30830

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

5.3CVSS5.7AI score0.00252EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.7 views

defuddle 跨站脚本漏洞

Defuddle is a web content extraction and cleaning tool developed by Steph Ango. Versions of Defuddle prior to 0.9.0 contained a cross-site scripting vulnerability. This vulnerability arose from the findContentBySchemaText method, which directly inserted image src and alt attributes into HTML...

6.1CVSS5.7AI score0.00252EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/03/06 12:0 a.m.17 views

PT-2026-23792

Name of the Vulnerable Software and Affected Versions Defuddle versions prior to 0.9.0 Description Defuddle contains a flaw in the findContentBySchemaText method within src/defuddle.ts. This method directly interpolates image src and alt attributes into an HTML string without proper escaping. An...

6.1CVSS5.8AI score0.00252EPSS
Exploits1References12
snyk
snyk
added 2026/02/24 1:30 a.m.4 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

9.8CVSS5.6AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2026/02/24 1:30 a.m.3 views

Stack-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

9.8CVSS5.6AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2026/02/24 1:30 a.m.4 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

9.8CVSS5.6AI score0.00272EPSS
Exploits0References2
cve
cve
added 2025/12/09 12:0 a.m.18 views

CVE-2022-50654

CVE-2022-50654 is a Linux kernel vulnerability fix. The available connected documents describe a concrete flaw: when livepatch and kretfunc coexist, the pageattr of im-&gt;image can be rox after arch_prepare_bpf_trampoline in bpf_trampoline_update. If modify_fentry or register_fentry returns -EAG...

6.1AI score0.00172EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/04 3:36 p.m.6 views

CVE-2025-13401

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...

6.4CVSS5AI score0.00271EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-11476

Malware in sbrugna...

5.4CVSS5.6AI score0.0062EPSS
Exploits2References2
snyk
snyk
added 2025/06/04 6:30 p.m.3 views

Incomplete Filtering of Special Elements

Overview org.webjars.bower:angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements through the ngSanitize module. An attacker can manipulate image sources and perform content spoofing by injecting...

6.3CVSS6.7AI score0.00302EPSS
Exploits0References2
nvd
nvd
added 2025/04/29 5:15 p.m.11 views

CVE-2025-0716

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

4.8CVSS0.00375EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 4:31 a.m.4 views

SUSE CVE-2018-5358

ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c...

6.5CVSS9.4AI score0.01691EPSS
Exploits1References3
osv
osv
added 2019/08/23 2:15 p.m.3 views

CVE-2019-8444

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in image attribute specification...

5.4CVSS5.7AI score0.0092EPSS
Exploits0References2
osv
osv
added 2018/01/12 9:29 a.m.4 views

DEBIAN-CVE-2018-5358

ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c...

6.5CVSS6.5AI score0.01691EPSS
Exploits1References1
Rows per page
Query Builder