Lucene search
K

129 matches found

CNNVD
CNNVD
added 2025/01/18 12:0 a.m.2 views

WordPress plugin Image Source Control Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS7.5AI score0.0035EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/01/17 8:14 p.m.2 views

WordPress Image Source Control Lite – Show Image Credits and Captions plugin <= 2.28.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Stefan Bogdanovic in WordPress Plugin Image Source Control versions = 2.28.0...

6.1CVSS6.3AI score0.0035EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/15 1:38 p.m.4 views

WordPress Image Source Control Lite Plugin <= 2.29.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Parasimpaticki Patchstack Alliance in WordPress Plugin Image Source Control versions = 2.29.0...

7.1CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.5 views

PT-2024-17265 · WordPress · Primer Mydata For Woocommerce

Name of the Vulnerable Software and Affected Versions: Primer MyData for Woocommerce plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Reflected Cross-Site Scripting via the img src parameter due to insufficient input sanitization and output escaping...

6.1CVSS6.8AI score0.00285EPSS
Exploits0References7
Snyk
Snyk
added 2024/11/26 6:38 p.m.4 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the src tag. An attacker can read arbitrary files from the server's file system. Remediation Upgrade tecnickcom/tcpdf to version 6.7.6 or higher. References - GitHub Commit Credit:...

6.9CVSS7AI score0.00816EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 6:15 p.m.5 views

DEBIAN-CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS6.3AI score0.00662EPSS
Exploits0References1
OSV
OSV
added 2024/10/04 6:15 p.m.2 views

UBUNTU-CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS5.8AI score0.00662EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.8 views

PT-2024-32480 · Openstack +1 · Openstack Ironic +1

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 21.4.4 OpenStack Ironic versions 22.x through 23.x before 23.0.3 OpenStack Ironic versions 23.x through 24.x before 24.1.3 OpenStack Ironic versions 25.x through 26.x before 26.1.0 Description: The issue is...

6.9CVSS6.8AI score0.00662EPSS
Exploits0References23
Cvelist
Cvelist
added 2024/10/04 12:0 a.m.18 views

CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

0.00662EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.4 views

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic that stems from a lack of checksum validation of the provided imagesource URL. The following versions...

5.3CVSS6.7AI score0.00662EPSS
Exploits0References6
OSV
OSV
added 2024/09/09 3:30 p.m.5 views

GHSA-M9GF-397R-HWPG AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

6.3CVSS7AI score0.00574EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2024/09/09 3:30 p.m.30 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

4.8CVSS6.5AI score0.00599EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/09 3:30 p.m.28 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.8CVSS6.6AI score0.00574EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2024/09/09 3:15 p.m.22 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.8CVSS0.00574EPSS
Exploits1References4
OSV
OSV
added 2024/09/09 3:15 p.m.3 views

DEBIAN-CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.3CVSS6.8AI score0.00574EPSS
Exploits1References1
OSV
OSV
added 2024/09/09 3:15 p.m.26 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.3CVSS4.5AI score0.00574EPSS
Exploits1References4
OSV
OSV
added 2024/09/09 3:15 p.m.11 views

CVE-2024-8373

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

4.3CVSS6.3AI score0.00599EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/09/09 2:46 p.m.17 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

4.8CVSS6.8AI score0.00574EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/05/20 8:36 p.m.34 views

Trivy possibly leaks registry credential when scanning images from malicious registries

Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...

5.5CVSS6.5AI score0.0019EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/20 12:0 a.m.6 views

PT-2024-26372 · Docker +3 · Docker +3

Name of the Vulnerable Software and Affected Versions: Trivy versions prior to 0.51.2 Description: A malicious actor can trigger Trivy to leak credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registry AC...

8.4CVSS6.2AI score0.00973EPSS
Exploits1References20
Rows per page
Query Builder