42 matches found
CVE-2026-4979
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the processimagecrop...
uCrop Security Vulnerability
uCrop is an Android image cropping library open-sourced by Yalantis. A security vulnerability exists in uCrop version 2.2.11. It originates from the improper export of UCropActivity in the file AndroidManifest.xml, which could lead to improper export of Android application components...
WordPress plugin PPOM – Product Addons & Custom Fields for WooCommerce Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
EUVD-2022-0335
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-8943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker who has privileges to crop an image can write the output image to an arbitrary directo...
README: Robust Error-Aware Digital Signature Framework Via Deep Watermarking Model
Deep learning-based watermarking has emerged as a promising solution for robust image authentication and protection. However, existing models are limited by low embedding capacity and vulnerability to bit-level errors, making them unsuitable for cryptographic applications such as digital...
Attack Smarter: Attention-Driven Fine-Grained Webpage Fingerprinting Attacks
Website Fingerprinting (WF) attacks aim to infer which websites a user is visiting by analyzing traffic patterns, thereby compromising user anonymity. Although this technique has been demonstrated to be effective in controlled experimental environments, it remains largely limited to small-scale...
CVE-2024-30879
Reflected Cross-Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
Training-Free Watermarking for Autoregressive Image Generation
Invisible image watermarking can protect image ownership and prevent malicious misuse of visual generative models. However, existing generative watermarking methods are mainly designed for diffusion models while watermarking for autoregressive image generation models remains largely underexplored...
Fast and Robust Speckle Pattern Authentication by Scale Invariant Feature Transform Algorithm in Physical Unclonable Functions
Nowadays, due to the growing phenomenon of forgery in many fields, the interest in developing new anti-counterfeiting devices and cryptography keys, based on the Physical Unclonable Functions (PUFs) paradigm, has widely increased. PUFs are physical hardware with an intrinsic, irreproducible disorder...
CLSA-2025-1744633827 nginx: Fix of CVE-2024-7347
CVE-2024-7347: fix MP4 stsc cropping: prevent overflow and buffer underread causing invalid seeks and possible segfault...
USN-6827-1 tiff vulnerability
It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code...
CVE-2024-30880
Reflected Cross-Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
CVE-2024-30883
Reflected Cross-Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
CVE-2024-30880
CVE-2024-30880 maps to a reflected XSS in RageFrame2 v2.6.43. The issue arises in the image cropping function, where a crafted payload is injected via the multiple parameter, enabling remote execution of web scripts and potential leakage of sensitive information. Multiple connected sources (NVD, ...
PT-2024-23652 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43. Description: The issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. This is...
CVE-2024-30883
CVE-2024-30883 affects RageFrame2 v2.6.43 with a Reflected XSS in the aspectRatio parameter of the image cropping function. Exploitation could allow remote attackers to run arbitrary web scripts or HTML and access sensitive information. Public sources from NVD/Red Hat and third-party advisories c...