Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

CVE-2026-34545

A flaw was found in OpenEXR, an image storage format for the motion picture industry. An attacker can exploit this vulnerability by providing a specially crafted .exr file with HTJ2K compression and a specific channel width. This allows controlled data to be written beyond the output heap buffer,...

CVE-2023-40196

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin = 3.1.11 versions...

CVE-2025-22288

CVE-2025-22288 is a path traversal vulnerability in the WordPress Smush Image Compression and Optimization plugin (wp-smushit) by WPMU DEV. The issue is described as a directory traversal flaw allowing access via a path like '.../...//', affecting the Smush Image Compression and Optimization plug...

WordPress plugin Smush Image Compression and Optimization 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

PT-2025-45187

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

EUVD-2017-6548

Malware in sbrugna...

SUSE CVE-2025-59731

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...

SUSE CVE-2025-59732

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...

SUSE CVE-2025-59733

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...

EUVD-2025-32514

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...

EUVD-2023-48575

Malicious code in bioql PyPI...

EUVD-2022-51474

Malicious code in bioql PyPI...

EUVD-2024-52391

Malicious code in bioql PyPI...

EUVD-2025-18937

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-4104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service...

MAL-2025-17459 Malicious code in compress-img-and-upload-to-s3-securely-pretty-please-with-sugar-on-top (npm)

The package compress-img-and-upload-to-s3-securely-pretty-please-with-sugar-on-top was found to contain malicious code...

Malicious code in compress-img-and-upload-to-s3-securely-pretty-please-with-sugar-on-top (npm)

The package compress-img-and-upload-to-s3-securely-pretty-please-with-sugar-on-top was found to contain malicious code...

CVE-2025-49667

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...

CVE-2025-49969

Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through = 1.2.17.2...