Lucene search
K

972 matches found

CNNVD
CNNVD
added 2026/04/11 12:0 a.m.8 views

GIMP 输入验证错误漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a vulnerability related to input validation, which stems from integer overflow during the parsing of ANI files. This vulnerability may lead to remote code execution...

7.8CVSS7.5AI score0.00664EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.7 views

CVE-2026-39702 WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 8:30 a.m.13 views

EUVD-2026-20404

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.28 views

CVE-2026-39702 WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.34 views

CVE-2026-39702

The CVE-2026-39702 entry relates to Wealcoder Animation Addons for Elementor. All connected sources describe a DOM-Based Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, affecting Animation Addons for Elementor up to and including versio...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.14 views

WordPress plugin Animation Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.6AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31264

Name of the Vulnerable Software and Affected Versions Wealcoder Animation Addons for Elementor versions through 2.6.1 Description Animation Addons for Elementor is susceptible to a DOM-Based Cross-Site Scripting XSS issue due to improper neutralization of input during web page generation. This...

6.5CVSS6.2AI score0.00133EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/06 10:54 p.m.7 views

PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

Impact The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/06 10:54 p.m.8 views

GHSA-7HMV-4J2J-PP6F PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

Impact The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...

4.3CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/03 3:6 p.m.5 views

CVE-2026-35543

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.5 views

CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS6.7AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 3:57 a.m.20 views

CVE-2026-35543

The CVE affects Roundcube Webmail versions before 1.5.14 and 1.6.14. The issue allows bypassing the remote image blocking feature via SVG content (with animate attributes) in an e-mail message, which can lead to information disclosure or an access-control bypass. Remediation details documented in...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/03 3:57 a.m.1 views

CVE-2026-35543

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS6.2AI score0.00402EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/02 12:31 a.m.11 views

EUVD-2026-18104

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS6.7AI score0.00209EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 11:17 p.m.6 views

CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 10:59 p.m.3 views

CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS6.7AI score0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 10:59 p.m.2 views

CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS6.7AI score0.00209EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/01 10:59 p.m.27 views

CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS0.00209EPSS
Exploits0References2
Rows per page
Query Builder