65 matches found
Mattermost Access Control Error Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, as well as 11.4.3 and earlier 11.4.x series, have an access control vulnerability. This vulnerability stems from the failure to validat...
[SECURITY] Fedora 44 Update: libexif-0.6.26-1.fc44
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags...
CVE-2026-29107
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
PT-2026-26445
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63082 Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63082
Joomla! Core is affected by CVE-2025-63082: lack of input filtering enables an XSS vector in the HTML filter code when processing data URLs in img tags. Affected products/versions include Joomla! 3.9.x before 5.4.2 and 6.x before 6.0.2, as reported by multiple sources. The issue stems from inadeq...
PT-2026-1462
Name of the Vulnerable Software and Affected Versions: versions prior to 2025, affected versions not specified Description: A flaw exists due to insufficient input validation, resulting in a cross-site scripting (XSS) vector within the HTML filter code. This issue specifically relates to data URLs fou...
EUVD-2002-2317
Malware in sbrugna...
EUVD-2002-1880
Malware in sbrugna...
CLSA-2025-1751141320 gstreamer1-plugins-good: Fix of CVE-2024-47613
CVE-2024-47613: fix integer overflow in available data check for image tags...
CVE-2002-2339
Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags...
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's...
PT-2023-31059 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists via the img tags. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. Recommendations...
OESA-2023-1934 gstreamer1-plugins-good security update
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...
GHSA-8FXR-QFR9-P34W TorchServe Server-Side Request Forgery vulnerability
Impact: Remote Server-Side Request Forgery (SSRF). Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
USN-6269-1 gst-plugins-good1.0 vulnerability
It was discovered that GStreamer Good Plugins incorrectly handled certain FLAC image tags. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37327...
USN-6269-1: GStreamer Good Plugins vulnerability
It was discovered that GStreamer Good Plugins incorrectly handled certain FLAC image tags. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37327...