25 matches found
GO-2026-4795 Vikunja read-only users can delete project background images via broken object-level authorization in code.vikunja.io/api
Vikunja read-only users can delete project background images via broken object-level authorization in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the RemoveProjectBackground process. An attacker can permanently delete background images by sending a DELETE request to the relevant API endpoint with only read-level permissions. Remediation: Upgrade...
CVE-2025-64404
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used backgrou...
CVE-2025-64404 Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used backgrou...
CVE-2025-64404
CVE-2025-64404 affects Apache OpenOffice up to version 4.1.15. The issue is a missing Authorization vulnerability that allows an attacker to craft a document containing links (specifically background fill or bullet images) that would cause external files to be loaded without prompting the user. A...
EUVD-2016-0343
Malware in sbrugna...
EUVD-2024-51089
Malicious code in bioql PyPI...
CVE-2024-12327
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-12327 LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-12327
CVE-2024-12327 concerns the LazyLoad Background Images WordPress plugin. The vulnerability is a missing capability check in pblzbg_save_settings(), allowing authenticated attackers with Subscriber-level access and above to modify the plugin’s settings. Affected versions are all up to and includin...
WordPress LazyLoad Background Images plugin <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Settings Update vulnerability discovered by Mika in WordPress Plugin LazyLoad Background Images versions <= 1.0.7...
CVE-2024-12754
CVE-2024-12754 affects AnyDesk. The flaw is in how background images are handled; by creating a junction, a local attacker can abuse the service to read arbitrary files and disclose stored credentials. Affected behavior requires low-privilege code execution on the target and results in informatio...
Code injection
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...
CVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...