SUSE CVE-2026-25955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdiDeleteSurface frees surface-data without invalidating the appWindow-image that...

EUVD-2022-3539

Malicious code in bioql PyPI...

OpenStack Glance is vulnerable to Exposure of Sensitive Information

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

Plone 输入验证错误漏洞

Plone is an open source content management system CMS built on the Zope application server. Plone suffers from an input validation error vulnerability that allows an attacker to fetch a compromised version of the imageviewfullscreen page in the cache...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

Glance: Backend credentials leak in Glance v1 API

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

PYSEC-2013-46

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

CVE-2013-1840

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

CVE-2013-1840

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

CVE-2011-5265

Cross-site scripting XSS vulnerability in cachedimage.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party...