Lucene search
+L

96 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-16692

Malicious code in bioql PyPI...

6.7CVSS6.6AI score0.00137EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-3895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause...

8CVSS6.5AI score0.01421EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/08/14 2:53 a.m.8 views

SUSE CVE-2025-50738

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...

9.8CVSS6.4AI score0.02095EPSS
Exploits1References3
Veracode
Veracode
added 2025/08/11 5:38 p.m.6 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unrestricted external image embedding because markdown images with arbitrary URLs are automatically fetched when viewing a memo, exposing the user's IP address, browser User-Agent, and other...

9.8CVSS6.6AI score0.02095EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/08/01 11:5 p.m.45 views

CVE-2025-54132

CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...

7.5CVSS7.3AI score0.00338EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.4 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos v0.24.3 and earlier versions, which stems from a markdown image that allows embedding of arbitrary URLs, potentially leading to information disclosur...

9.8CVSS6.3AI score0.02095EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/06/04 12:14 a.m.7 views

CVE-2025-49163

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...

6.7CVSS7.1AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2025/06/03 12:15 a.m.15 views

CVE-2025-49163

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...

6.7CVSS0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/02 12:0 a.m.6 views

CVE-2025-49163

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...

6.7CVSS7.1AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 12:0 a.m.14 views

CVE-2025-49163

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...

6.7CVSS0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.15 views

PT-2025-23560 · Unknown +1 · Kreatv Sdk +1

Name of the Vulnerable Software and Affected Versions: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK Description: The issue allows booting an arbitrary image via a crafted /usr/bin/gunzip file. Recommendations: For Arris VIP1113 devices through 2025-05-30 with KreaTV SDK, as a temporar...

6.7CVSS6.3AI score0.00137EPSS
Exploits0References5
CVE
CVE
added 2025/06/02 12:0 a.m.58 views

CVE-2025-49163

Arris VIP1113 devices (with KreaTV SDK) are affected by CVE-2025-49163. The issue allows booting an arbitrary image via a crafted /usr/bin/gunzip file, affecting devices through 2025-05-30. Root cause: manipulation of the gunzip component in the device’s boot flow. Impact as described: arbitrary ...

6.7CVSS7.3AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.6 views

CVE-2024-13117

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...

6.5CVSS7.2AI score0.0047EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.7 views

CVE-2021-24641

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion...

8.1CVSS6.9AI score0.00519EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.9 views

PT-2025-09: Path Traversal in TCPDF

The application performs insufficient validation of relative paths when processing SVG image. Bypassing validation using the payload allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequent inclusion of...

8.7CVSS7.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/13 3:21 a.m.5 views

CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...

5.3CVSS5.3AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/13 3:21 a.m.13 views

CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...

5.3CVSS0.00251EPSS
Exploits0References2
CVE
CVE
added 2025/03/13 3:21 a.m.49 views

CVE-2024-13887

CVE-2024-13887 concerns the WordPress plugin Business Directory Plugin – Easy Listing Directories for WordPress (versions

5.3CVSS5.2AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2025/01/27 6:15 a.m.13 views

CVE-2024-13117

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...

6.5CVSS0.0047EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/24 3:21 p.m.22 views

CVE-2024-13698 Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation

The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'downloadimageviaai' and 'generateimageviaai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticat...

6.5CVSS0.00314EPSS
Exploits0References2
Rows per page
Query Builder