Lucene search
K

4797 matches found

Nuclei
Nuclei
added 8 hours ago85 views

Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting

Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowdtabsactive parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can...

6.1CVSS6.7AI score0.0085EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...

7.5CVSS6AI score0.00486EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 6:16 a.m.12 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.38 views

CVE-2026-5821 Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.6 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41247

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 5:35 a.m.19 views

CVE-2026-5821

The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 5:26 p.m.4 views

WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...

8.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/01 9:21 a.m.3 views

OPENSUSE-SU-2026:21190-1 Security update for openbabel

This update for openbabel fixes the following issues: Changes in openbabel: - Update to version 3.2.0: Add an L-BFGS optimizer, used by default for gen3d and conformer searches New macrocycle ring builder Dale codes for better initial 3D geometry of large rings Add KET Ketcher JSON and ChemicalJS...

9.8CVSS6.4AI score0.00863EPSS
Exploits23References27
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12904

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the...

4.3CVSS0.00293EPSS
Exploits0References20
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12904

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress (versions ≤ 3.7.7) is affected by an Insecure Direct Object Reference. The root cause is a mismatch between the authorization object and the object actually accessed in Optimize_Rest_Controller endpoints (create_...

4.3CVSS5.8AI score0.00293EPSS
Exploits0References20
EUVD
EUVD
added 2026/07/01 3:43 a.m.7 views

EUVD-2026-40890

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the...

4.3CVSS5.8AI score0.00293EPSS
Exploits0References20
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.40 views

CVE-2026-12904 Kadence Blocks <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification via 'post_path' Parameter

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the...

4.3CVSS0.00293EPSS
Exploits0References20
OSV
OSV
added 2026/06/28 12:1 a.m.3 views

RLSA-2023:3087 Important: mysql:8.0 security, bug fix, and enhancement update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.32. BZ2177734, BZ2177735, BZ2177736 Security Fixes: mysql: Server:...

7.5CVSS5.8AI score0.43131EPSS
Exploits0References43
Rockylinux
Rockylinux
added 2026/06/28 12:1 a.m.10 views

mysql:8.0 security, bug fix, and enhancement update

An update is available for module.mecab-ipadic, mecab, mecab-ipadic, module.mecab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is a multi-user,...

7.5CVSS6.4AI score0.43131EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1844)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1844 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

9.8CVSS6.2AI score0.00567EPSS
Exploits1References14
Rockylinux
Rockylinux
added 2026/06/17 12:0 a.m.13 views

mysql:8.4 security update

An update is available for module.mysql, module.mecab, module.mecab-ipadic, mysql, mecab-ipadic, mecab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is ...

6.5CVSS7.9AI score0.00323EPSS
Exploits0
OSV
OSV
added 2026/06/17 12:0 a.m.7 views

RLSA-2026:26180 Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fixes: mysql:...

6.5CVSS8AI score0.00323EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2026/06/16 7:33 a.m.7 views

Moderate: Red Hat Security Advisory: mysql:8.4 security update

An update for the mysql:8.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS7.8AI score0.00323EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2026/06/16 7:33 a.m.10 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS6.9AI score0.00303EPSS
Exploits0References6
Rows per page
Query Builder