151 matches found

CNNVD
added 2025/07/21 12:0 a.m. | views: 2

IrfanView CADImage Plugin buffer error vulnerability

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

7.8 CVSS | 7.6 AI score | 0.00325 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/07/21 12:0 a.m. | views: 1

IrfanView CADImage Plugin buffer error vulnerability

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

7.8 CVSS | 7.6 AI score | 0.00185 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/07/21 12:0 a.m. | views: 1

IrfanView CADImage Plugin buffer error vulnerability

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

7.8 CVSS | 7.6 AI score | 0.00185 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. | views: 1

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, is related to the execution of operations beyond the buffer boundaries in memory during the processing of DWG files. Exploiting this vulnerability allows an attacker to execut...

7.8 CVSS | 7.9 AI score | 0.00185 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. | views: 1

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, is related to memory corruption. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DWG format files...

7.8 CVSS | 7.6 AI score | 0.00185 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/05/23 10:46 a.m. | views: 3

CVE-2024-9898

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 5.8 AI score | 0.00329 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:26 a.m. | views: 4

CVE-2024-6929

The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS | 5.8 AI score | 0.00391 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:22 a.m. | views: 2

CVE-2024-4873

The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...

4.3 CVSS | 5.9 AI score | 0.00135 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:51 a.m. | views: 4

CVE-2024-11224

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4 CVSS | 5.8 AI score | 0.0036 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:19 a.m. | views: 4

CVE-2024-8108

The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4 CVSS | 5.8 AI score | 0.00367 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:17 a.m. | views: 5

CVE-2024-8363

The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 5.8 AI score | 0.00446 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:54 a.m. | views: 5

CVE-2022-47611

Cross-Site Request Forgery CSRF vulnerability in Julian Weinert // cs Hover Image plugin = 1.4.1 versions...

8.8 CVSS | 7.1 AI score | 0.00106 EPSS
Exploits: 0 | References: 1

NVD
added 2025/05/22 10:15 a.m. | views: 9

CVE-2025-4419

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...

4.3 CVSS | 0.00338 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 9:20 a.m. | views: 18

CVE-2015-6967

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/myimage/image.php...

6.5 CVSS | 8 AI score | 0.75253 EPSS
Exploits: 2 | References: 1

Positive Technologies
added 2025/05/15 12:0 a.m. | views: 2

PT-2025-21470 · Pdfcrowd · Save As Image Plugin

Name of the Vulnerable Software and Affected Versions: Save as Image Plugin by Pdfcrowd versions prior to 3.2.2
Description: The issue concerns the Save as Image Plugin by Pdfcrowd WordPress plugin, where certain settings are not properly sanitised and escaped. This could allow high-privilege...

4.8 CVSS | 5.7 AI score | 0.00253 EPSS
Exploits: 2 | References: 4

BDU FSTEC
added 2025/04/10 12:0 a.m. | views: 1

The vulnerability of the PSDImagePlugin.PsdImageFile component in the Pillow library for handling raster graphics allows a hacker to induce a service failure.

The vulnerability of the PSDImagePlugin.PsdImageFile component in the Pillow library for handling raster graphics is related to an unvalidated return value. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

5.5 CVSS | 6.1 AI score | 0.00144 EPSS
Exploits: 0 | References: 9 | Affected Software: 3

Vulnrichment
added 2025/01/15 3:23 p.m. | views: 7

CVE-2025-22317 WordPress Gallery Images Ape plugin <= 2.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in galleryape Photo Gallery – Image Gallery by Ape allows Reflected XSS. This issue affects Photo Gallery – Image Gallery by Ape: from n/a through 2.2.8...

7.1 CVSS | 7.2 AI score | 0.00152 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/07 12:0 a.m. | views: 2

PT-2025-1729 · WordPress · Wp Menu Image

Name of the Vulnerable Software and Affected Versions: WP Menu Image plugin for WordPress versions up to, and including, 2.2
Description: The issue is related to a missing capability check on the wmi delete img menu function, which allows unauthenticated attackers to delete images from menus. Thi...

5.3 CVSS | 7.3 AI score
Exploits: 0 | References: 6

Vulnrichment
added 2024/12/02 1:48 p.m. | views: 9

CVE-2024-52492 WordPress Image horizontal reel scroll slideshow plugin <= 13.4 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS. This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4...

5.9 CVSS | 6.7 AI score | 0.00068 EPSS
Exploits: 0 | References: 1

Patchstack
added 2024/11/19 1:7 a.m. | views: 2

WordPress Parallax Image plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via position Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Parallax Image versions = 1.9...

6.4 CVSS | 5.8 AI score | 0.0036 EPSS
Exploits: 0 | References: 1 | Affected Software: 1