CVE-2021-47913 PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

CVE-2021-47913 PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

[SECURITY] Fedora 42 Update: fontforge-20230101-18.fc42

FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...

[SECURITY] Fedora 43 Update: fontforge-20230101-19.fc43

FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...

PHPSUGAR PHP Melody 跨站脚本漏洞

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR Corporation. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting vulnerability present in the video editor, which could allow privileg...

PT-2026-5558

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

RLSA-2026:1574 Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...

EUVD-2026-5023

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

RHSA-2026:1585 Red Hat Security Advisory: gimp security update

Bulletin has no description...

PT-2026-5407

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.7.2 Description ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...

gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow

A flaw was found in GIMP. This heap-based buffer overflow vulnerability in the JP2 file parsing component allows a remote attacker to execute arbitrary code. Exploitation requires user interaction, where the target must open a specially crafted malicious JP2 file. Successful exploitation can lead...

CVE-2026-1400

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

CVE-2026-24134

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

ROS-20260129-73-0010

A vulnerability in the Despeckle Plugin component of the GIMP graphics editor is related to memory buffer overruns. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code...

ROS-20260129-73-0024

A vulnerability in the GIMP graphical editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information and cause a denial of service via a malicious file...

RHEL 8 : gimp:2.8 (RHSA-2026:1588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1588 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including...

Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...

Malicious Package

Overview atlas-query-editor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...