96 matches found
EUVD-2025-16692
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-3895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause...
SUSE CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unrestricted external image embedding because markdown images with arbitrary URLs are automatically fetched when viewing a memo, exposing the user's IP address, browser User-Agent, and other...
CVE-2025-54132
CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...
Memos 安全漏洞
Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos v0.24.3 and earlier versions, which stems from a markdown image that allows embedding of arbitrary URLs, potentially leading to information disclosur...
CVE-2025-49163
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...
CVE-2025-49163
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...
CVE-2025-49163
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...
CVE-2025-49163
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file...
PT-2025-23560 · Unknown +1 · Kreatv Sdk +1
Name of the Vulnerable Software and Affected Versions: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK Description: The issue allows booting an arbitrary image via a crafted /usr/bin/gunzip file. Recommendations: For Arris VIP1113 devices through 2025-05-30 with KreaTV SDK, as a temporar...
CVE-2025-49163
Arris VIP1113 devices (with KreaTV SDK) are affected by CVE-2025-49163. The issue allows booting an arbitrary image via a crafted /usr/bin/gunzip file, affecting devices through 2025-05-30. Root cause: manipulation of the gunzip component in the device’s boot flow. Impact as described: arbitrary ...
CVE-2024-13117
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...
CVE-2021-24641
The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion...
PT-2025-09: Path Traversal in TCPDF
The application performs insufficient validation of relative paths when processing SVG image. Bypassing validation using the payload allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequent inclusion of...
CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...
CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...
CVE-2024-13887
CVE-2024-13887 concerns the WordPress plugin Business Directory Plugin – Easy Listing Directories for WordPress (versions
CVE-2024-13117
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...
CVE-2024-13698 Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation
The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'downloadimageviaai' and 'generateimageviaai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticat...