112 matches found

NVD
added 2025/10/06 10:15 p.m. · 4 views

CVE-2025-61768

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, a Server-Side Request Forgery (SSRF) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1 · EPSS 0.00092
Exploits: 0 · References: 3

CVE
added 2025/10/06 9:54 p.m. · 7 views

CVE-2025-61768

KUNO CMS prior to 1.3.15 is affected by an SSRF in the Media module via uploading specially crafted SVGs with external image references. A logged‑in administrator can trigger an outgoing connection to an arbitrary URL, enabling information disclosure or internal network probing. The issue is fixe...

CVSS 5.1 · AI score 6.2 · EPSS 0.00092
Exploits: 0 · References: 3

Cvelist
added 2025/10/06 9:54 p.m. · 8 views

CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, a Server-Side Request Forgery (SSRF) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1 · EPSS 0.00092
Exploits: 0 · References: 3

OSV
added 2025/10/06 9:54 p.m. · 4 views

CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, a Server-Side Request Forgery (SSRF) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1 · AI score 6.6 · EPSS 0.00092
Exploits: 0 · References: 5

Vulnrichment
added 2025/10/06 9:54 p.m. · 2 views

CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, a Server-Side Request Forgery (SSRF) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1 · AI score 6.2 · EPSS 0.00092
Exploits: 0 · References: 3

EUVD
added 2025/10/06 9:54 p.m. · 3 views

EUVD-2025-32593

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, a Server-Side Request Forgery (SSRF) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1 · AI score 6.1 · EPSS 0.00092
Exploits: 0 · References: 3

CNNVD
added 2025/10/06 12:00 a.m. · 3 views

KUNO Code Issue Vulnerability

KUNO is a blogging application by the individual developer XueMian ICT.RUN. A code issue vulnerability exists in KUNO versions prior to 1.3.15, which stems from the media module allowing the upload of specially crafted SVG files, which could lead to a server-side request forgery attack...

CVSS 5.1 · AI score 6.9 · EPSS 0.00092
Exploits: 0 · References: 3

Positive Technologies
added 2025/10/06 12:00 a.m. · 4 views

PT-2025-40951

Name of the Vulnerable Software and Affected Versions: KUNO CMS versions prior to 1.3.15. Description: KUNO CMS is a full-stack blog application. A Server-Side Request Forgery (SSRF) issue exists in the Media module of the administrative panel. An administrator can upload a specially crafted SVG file...

CVSS 5.1 · AI score 6.2 · EPSS 0.00092
Exploits: 0 · References: 8

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-5043

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.8 · EPSS 0.00694
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-43110

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9.1 · EPSS 0.00109
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-11267

Malicious code in bioql PyPI...

AI score 7.2 · EPSS 0.00125
Exploits: 0 · References: 6

CNNVD
added 2025/09/30 12:00 a.m. · 1 views

Google Chrome Security Vulnerability

Google Chrome on Windows is a web browser developed by Google Inc. that supports Windows 10 and later systems and provides a fast and secure web browsing experience. Google Chrome on Windows suffers from a Media module misimplementation vulnerability, which can be exploited by attackers to...

CVSS 6.3 · AI score 8.8 · EPSS 0.00116
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 4:11 a.m. · 4 views

CVE-2023-39385

Vulnerability of configuration defects in the media module of certain products. Successful exploitation of this vulnerability may cause unauthorized access...

CVSS 9.1 · AI score 6.8 · EPSS 0.00109
Exploits: 0

RedhatCVE
added 2025/05/22 8:05 a.m. · 8 views

CVE-2018-1999008

October CMS versions prior to build 437 contain a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an authenticated user with media module permission creating an arbitrary folder name with XSS content. This attack appears to be exploitable...

CVSS 5.4 · AI score 5.5 · EPSS 0.0033
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:55 a.m. · 3 views

CVE-2017-1000217

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

CVSS 8.8 · AI score 7.5 · EPSS 0.00694
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/27 12:00 a.m. · 3 views

PT-2025-8825 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue in the Linux kernel has been identified, specifically in the media: i2c: ds90ub9x3 module. The ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) as part of their...

CVSS 7.8 · AI score 7.8 · EPSS 0.00279
Exploits: 5 · References: 673

CVE
added 2025/02/26 1:56 a.m. · 77 views

CVE-2022-49254

CVE-2022-49254 concerns the Linux kernel media TI-VPE driver. In cal_ctx_v4l2_init_formats(), the code assigns the result of devm_kzalloc() to ctx->active_fmt and then dereferences it unconditionally, which could cause a NULL pointer dereference if allocation fails. The vulnerability is mitiga...

CVSS 5.5 · AI score 5.3 · EPSS 0.00024
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2025/01/06 12:00 a.m. · 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the use of the uninitialized local variable rb as a read buffer in the dvb-frontends/dib3000mb driver of t...

CVSS 5.5 · AI score 6.3 · EPSS 0.00013
Exploits: 0 · References: 5

NVD
added 2024/12/27 3:15 p.m. · 8 views

CVE-2024-56577

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module. The workqueue should be destroyed in mtk_jpeg_core.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily...

CVSS 5.5 · EPSS 0.00016
Exploits: 0 · References: 3

Debian CVE
added 2024/12/27 2:23 p.m. · 13 views

CVE-2024-56577

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module. The workqueue should be destroyed in mtk_jpeg_core.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily...

CVSS 5.5 · AI score 5.6 · EPSS 0.00016
Exploits: 0