
51 matches found

NVD
added 6 hours ago

CVE-2026-3472

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

CVSS 3.5
Exploits 0 · References 1
Cvelist
added 7 hours ago

CVE-2026-3472: Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

CVSS 3.5
Exploits 0 · References 1
Nuclei
added 19 hours ago

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

CVSS 7.5 · AI score 6.5 · EPSS 0.81814
Exploits 0 · References 3
CVE
added 2026/05/27 5:24 p.m.

CVE-2026-44345

CVE-2026-44345 affects BentoML. A multi-line value supplied to docker.base_image in bento.yaml is interpolated into the Dockerfile without escaping or validation, allowing an attacker-controlled Dockerfile fragment to inject arbitrary RUN directives. When bentoml containerize runs docker build, t...

CVSS 8.8 · AI score 6 · EPSS 0.00317
Exploits 1 · References 1 · Affected Software 1
VulnCheck KEV
added 2026/02/11 12:00 a.m.

VulnCheck KEV: CVE-2020-9314

PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...

CVSS 6.8 · AI score 5.7 · EPSS 0.02912
In the wild · Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2013-4238

Malware in sbrugna...

CVSS 2.1 · AI score 6.2 · EPSS 0.00338
Exploits 0 · References 5
OSV
added 2025/09/12 11:42 a.m.

BIT-KYVERNO-2022-47633

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This has been fixed in 1.8.5 and mitigations a...

CVSS 8.1 · AI score 6.9 · EPSS 0.00956
Exploits 0 · References 6
Tenable Nessus
added 2025/08/24 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2013-4354

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the...

CVSS 2.1 · AI score 5.8 · EPSS 0.00338
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 5:31 a.m.

CVE-2023-29110

The SAP Application Interface Message Dashboard (versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E) allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as headings, basic formatting and lists, then an attacker...

CVSS 5.4 · AI score 6.7 · EPSS 0.00324
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:35 p.m.

CVE-2020-9314

PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...

CVSS 6.8 · AI score 6.8 · EPSS 0.02912
Exploits 0 · References 1
The Hacker News
added 2025/04/02 1:48 p.m.

Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity t...

AI score 7.5
Exploits 0
Prion
added 2024/03/03 3:15 a.m.

Cross-site scripting

A vulnerability was found in Bdtask Hospital AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospitalactivities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input leads ...

CVSS 3.3 · AI score 6.3 · EPSS 0.00543
Exploits 1 · References 3
Github Security Blog
added 2024/02/22 9:52 p.m.

Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary: On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...

CVSS 6.1 · AI score 5 · EPSS 0.02199
Exploits 1 · References 7 · Affected Software 1
CNNVD
added 2023/08/10 12:00 a.m.

Nextcloud Access Control Error Vulnerability

Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany). An access control error vulnerability exists in Nextcloud Server. An attacker could exploit the vulnerability to inline add an image to a text file and...

CVSS 4.3 · AI score 6.7 · EPSS 0.0047
Exploits 0 · References 4
CVE
added 2023/05/26 12:00 a.m.

CVE-2023-33255

CVE-2023-33255 affects Papaya Viewer 1.0.1449. User-supplied DICOM/NIFTI image data can be loaded without sanitization, allowing injection of arbitrary JavaScript into image metadata that executes when metadata is displayed (XSS). Root cause: lack of input sanitization in image metadata handling....

CVSS 6.1 · AI score 6.6 · EPSS 0.00922
Exploits 2 · References 5 · Affected Software 1
OSV
added 2023/04/11 4:16 a.m.

CVE-2023-29110

The SAP Application Interface Message Dashboard (versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E) allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as headings, basic formatting and lists, then an attacker...

CVSS 5.4 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 2
NVD
added 2023/04/11 4:16 a.m.

CVE-2023-29110

The SAP Application Interface Message Dashboard (versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E) allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as headings, basic formatting and lists, then an attacker...

CVSS 5.4 · AI score 4.7 · EPSS 0.00324
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 5:36 a.m.

SUSE CVE-2013-4354

The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...

CVSS 2.1 · AI score 6.3 · EPSS 0.00338
Exploits 0 · References 3
Positive Technologies
added 2022/12/21 12:00 a.m.

PT-2022-28078 · Kyverno · Kyverno

Name of the Vulnerable Software and Affected Versions: Kyverno versions 1.8.3 through 1.8.4. Description: An image signature validation bypass issue allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster...

CVSS 8.1 · AI score 7.9 · EPSS 0.00956
Exploits 0 · References 15
NVD
added 2022/02/18 6:15 p.m.

CVE-2022-25337

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...

CVSS 9.8 · EPSS 0.01043
Exploits 0 · References 1