CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajaxuploadimage function. This makes i...
CVE-2025-66723
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths...
EUVD-2025-205853
inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths...
CVE-2025-66723
CVE-2025-66723 affects inMusic Brands Engine DJ; the vulnerability stems from insecure permissions in the Remote Library’s exposed HTTP service, allowing an attacker to access all files and network paths. Impact is described for Engine DJ versions 4.3.0 and earlier up to 4.3.4-prepared fixes; the...
PT-2025-54227
Name of the Vulnerable Software and Affected Versions: inMusic Brands Engine DJ version 4.3.0. Description: Engine DJ version 4.3.0 is affected by an issue with insecure permissions. An exposed HTTP service within the Remote Library feature allows attackers to access all files and network paths...
inMusic Engine DJ Security Vulnerability
inMusic Engine DJ is a suite of professional DJ software from inMusic USA. A security vulnerability exists in inMusic Engine DJ version 4.3.0, which stems from insecure permissions in the exposed HTTP service in the remote library that could lead to access to all files and network paths...
CVE-2021-22645
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll fro...
SUSE CVE-2013-2458
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU...
Unspecified Vulnerability in JetBrains IntelliJ IDEA
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA. The vulnerability stems from the software's use of http links for remote library storag...
JetBrains IntelliJ IDEA Security Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA. The vulnerability stems from the software's use of http links for remote library storag...
CVE-2016-6592
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and...