
21 matches found

Positive Technologies
added 2026/04/24 12:0 a.m. · 0 views

PT-2026-34842

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi remove custom image size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with...

CVSS 5.3 · AI score 5.8 · EPSS 0.00015
Exploits 0 · References 8

AlpineLinux
added 2026/01/22 9:45 p.m. · 4 views

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image, e.g. a member of the ‘incus’ group, to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVSS 8.7 · AI score 6 · EPSS 0.00061
Exploits 1

Snyk
added 2026/01/22 8:26 p.m. · 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...

CVSS 8.7 · AI score 6.3 · EPSS 0.00061
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-25374

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.5 · EPSS 0.00095
Exploits 0 · References 1

RedhatCVE
added 2025/08/22 8:31 a.m. · 1 views

CVE-2025-48158

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal. This issue affects BuddyPress XProfile Custom Image Field: from n/a through <= 3.0.1...

CVSS 8.6 · AI score 5.9 · EPSS 0.00095
Exploits 0 · References 1

CVE
added 2025/08/20 8:3 a.m. · 11 views

CVE-2025-48158

CVE-2025-48158 affects the WordPress plugin BuddyPress XProfile Custom Image Field (vulnerable:

CVSS 8.6 · AI score 5.9 · EPSS 0.00095
Exploits 0 · References 1

Vulnrichment
added 2025/08/20 8:3 a.m. · 1 views

CVE-2025-48158 WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal. This issue affects BuddyPress XProfile Custom Image Field: from n/a through 3.0.1...

CVSS 8.6 · AI score 7 · EPSS 0.00095
Exploits 0 · References 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 1 views

PT-2025-33917 · Unknown · Buddypress Xprofile Custom Image Field

Name of the Vulnerable Software and Affected Versions: BuddyPress XProfile Custom Image Field versions through 3.0.1. Description: This issue involves an improper limitation of a pathname to a restricted directory, also known as a path traversal. This allows an attacker to access restricted...

CVSS 8.6 · AI score 6.3 · EPSS 0.00095
Exploits 0 · References 4

CNNVD
added 2025/08/20 12:0 a.m. · 1 views

WordPress plugin BuddyPress XProfile Custom Image Field path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 8.6 · AI score 6.4 · EPSS 0.00095
Exploits 0 · References 2

Cvelist
added 2025/06/20 3:4 p.m. · 9 views

CVE-2025-49973 WordPress Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes plugin <= 1.0.10 - Broken Access Control Vulnerability

Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable...

CVSS 4.3 · EPSS 0.00168
Exploits 0 · References 1

CNNVD
added 2025/06/20 12:0 a.m. · 1 views

WordPress plugin Image Sizes Controller, Create Custom Image Sizes, and Disable Image Sizes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 · AI score 6.4 · EPSS 0.00168
Exploits 0 · References 1

Patchstack
added 2025/06/19 4:35 p.m. · 4 views

WordPress Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes plugin <= 1.0.10 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes versions <= 1.0.10...

CVSS 4.3 · AI score 6.7 · EPSS 0.00168
Exploits 0 · Affected Software 1

Metasploit
added 2021/09/20 5:41 p.m. · 72 views

Geutebruck Camera Deface

This module will take an existing session on a vulnerable Geutebruck Camera and will allow the user to either freeze the camera and display the last image from the video stream, display an image on the camera, or restore the camera back to displaying the current feed/stream. Module Options msf us...

AI score 7
Exploits 0

NVD
added 2020/12/28 3:15 p.m. · 7 views

CVE-2020-35627

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image...

CVSS 8.8 · AI score 9 · EPSS 0.00706
Exploits 1 · References 2

OSV
added 2020/04/08 6:15 p.m. · 0 views

CVE-2018-21055

An issue was discovered on Samsung mobile devices with N7.0 Qualcomm models using MSM8996 chipsets software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 September 2018...

CVSS 9.8 · AI score 6 · EPSS 0.00195
Exploits 0 · References 1

Cvelist
added 2019/10/10 8:9 p.m. · 8 views

CVE-2019-9534 The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image

The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to...

AI score 8.1 · EPSS 0.00105
Exploits 0 · References 1

myhack58
added 2019/03/28 12:0 a.m. · 967 views

WINDOWS 10 IOT CORE remote command execution vulnerability verification and recommendations-vulnerability warning-the black bar safety net

1. Overview: Recently, Ann days of microelectronics and embedded security development Department (Security days micro block) carried out a detailed analysis and validation of the security vulnerabilities in the Windows IoT operating system disclosed by the company SafeBreach. An attacker exploiting...

AI score 1
Exploits 0

OSV
added 2018/04/17 8:29 p.m. · 0 views

CVE-2017-2871

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

Talos
added 2018/04/17 12:0 a.m. · 1827 views

Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

Summary: Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access, can fully compromise the device by performing a firmware...

CVSS 9.6 · AI score 8.4 · EPSS 0.00181
Exploits 2

Patchstack
added 2014/06/23 12:0 a.m. · 15 views

WordPress Easy Post Types Plugin <= 1.4.3 - XSS

Because of this vulnerability in classes/custom-image/media.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 · AI score 1.5 · EPSS 0.0027
Exploits 1 · References 1 · Affected Software 1