271 matches found
EUVD-2025-200973
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...
CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...
CVE-2025-13401 Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "createimgpreloadtag" function...
PT-2025-48810
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create img preload tag" function...
CVE-2025-12658
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
EUVD-2025-60935
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12658
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12658
CVE-2025-12658 affects the WordPress plugin Preload Current Images (versions up to 1.3). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the complete parameter in the preload_progress_bar shortcode, caused by insufficient input sanitization and output escaping of user-supplied attrib...
CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2025-46286
Name of the Vulnerable Software and Affected Versions Preload Current Images plugin for WordPress versions prior to 1.4 Description The Preload Current Images plugin for WordPress is susceptible to Stored Cross-Site Scripting through the complete parameter within the 'preload progress bar'...
WordPress plugin Preload Current Images 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Preload Current Images plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Preload Current Images versions = 1.3...
Exploit for CVE-2015-1328
CVE-2015-1328 Proof of Concept A Proof of Concept PoC explo...
EUVD-2017-3886
Malware in sbrugna...
EUVD-2016-6086
Malware in sbrugna...
EUVD-2017-7874
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987252)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987252 advisory. In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading csssets for migration Each cset cssset is pinn...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414616)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414616 advisory. An issue was discovered in the Linux kernel before 5.11.11. The user mode driver UMD has a copyprocess memory leak, related to a lack of cleanup steps in...
CVE-2025-34190
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 macOS/Linux client deployments are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain...