621 matches found
CVE-2025-64178
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
EUVD-2025-37862
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...
CVE-2025-64178
Jellysweep (the Jellyfin cleanup tool) has an input validation flaw in the /api/images/cache endpoint: an unvalidated url parameter is passed directly to the cache library, allowing the server to fetch arbitrary content. Affected versions are 0.12.1 and earlier; authenticated users only can trigg...
CVE-2025-62046 WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...
CVE-2025-62046
CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin up to version 5.10.5 has a Missing Authorization vulnerability that can lead to Arbitrary Content Deletion. Affected software: TheGem Demo Import (for WPBakery). Base CVSS v3.1 score: 6.5 (Medium). Connected sources confirm the is...
CVE-2025-58629 WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.0.9...
CVE-2025-58629
CVE-2025-58629 affects the WordPress Miraculous theme prior to version 2.0.9, with a Missing Authorization vulnerability that enables exploitation of improperly configured access controls to perform arbitrary content deletion. Affected component is the Miraculous WordPress theme; root cause is mi...
Jellysweep 代码问题漏洞
Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...
GHSA-XC93-Q32J-CPCG Jellysweep uses uncontrolled data in image cache API endpoint
Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...
Jellysweep uses uncontrolled data in image cache API endpoint
Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...
PT-2025-45386
Name of the Vulnerable Software and Affected Versions Jellysweep versions 0.12.1 and below Description Jellysweep is a cleanup tool for the Jellyfin media server. The /api/images/cache API endpoint accepts a URL parameter that is directly passed to a cache package, allowing the server to download...
CVE-2025-52757
CVE-2025-52757 affects the WordPress plugin Sumo Memberships for WooCommerce up to and including version 7.6.0. The issue is described as a Missing Authorization vulnerability caused by incorrectly configured access control, enabling unauthorized actions such as Arbitrary Content Deletion. The Re...
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin MasterStudy LMS Pro versions 4.7.16...
EUVD-2006-6054
Malware in sbrugna...
EUVD-2011-0018
Malware in sbrugna...
EUVD-2021-25547
Malware in sbrugna...