Siemens RuggedCom Rox Improper Input Validation (CVE-2020-10648)
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. This plugin only works with Tenable.ot. Please visit...
CVE-2026-46337 WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`
WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...
Missing Authorization
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via image404Raw.php. An attacker can access arbitrary image files, including those protected by access controls, by supplying crafted path...
PT-2026-26335
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
EUVD-2026-4865
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...
EUVD-2025-119997
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
EUVD-2014-8593
Malware in sbrugna...
EUVD-2006-6051
Malware in sbrugna...
EUVD-2015-4061
Malware in sbrugna...
EUVD-2020-3096
Malware in sbrugna...
EUVD-2024-18580
Malicious code in bioql PyPI...
EUVD-2024-51357
Malicious code in bioql PyPI...
CVE-2024-20865
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images...
CVE-2020-10648
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...
CVE-2025-4419
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...
CVE-2025-4419
CVE-2025-4419 affects the Hot Random Image WordPress plugin (versions up to and including 1.9.2). The flaw is a path traversal vulnerability via the path parameter that, when exploited by authenticated users with Contributor-level access or higher, can disclose arbitrary image files outside the i...
CVE-2024-11219
CVE-2024-11219 affects Otter Blocks – Gutenberg Blocks, Page Builder for WordPress (WordPress plugin) up to and including v3.0.6. The issue is an unauthenticated path traversal vulnerability in the get_image function that allows viewing arbitrary images on the server, potentially exposing sensiti...
CVE-2024-20865
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images...
CVE-2024-20865
CVE-2024-20865 describes an authentication bypass in the Samsung bootloader prior to SMR May-2024 Release 1, enabling a physical attacker to flash arbitrary images. The issue affects the bootchain, with evidence of an exploit path in the bootloader (LittleKernel) and PoCs referenced in a GitHub r...