32 matches found
GHSA-VMC4-9828-R48R Ghost has SSRF via External Media Inliner
Impact: A vulnerability in Ghost's media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions: This vulnerability is present in Ghost v5.38.0 to v5.130.5 and Ghost v6.0.0 ...
GHSA-93FV-4PM9-XP28 JDA (Java Discord API) downloads external URLs when updating message components
Impact: Anyone using untrusted message components may be affected. On versions =6.0.0,6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request. If you used Message.getComponents() or similar to get a list of components...
EUVD-2021-11225
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-3802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this...
CVE-2022-1398
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does not ensure that media added via URLs are external media, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks...
PT-2024-31543
Name of the vulnerable software and affected versions: PHPSpreadsheet versions prior to 1.29.2; PHPSpreadsheet versions prior to 2.1.1; PHPSpreadsheet versions prior to 2.3.0. Description: It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XL...
Oracle Linux 9 : fwupd (ELSA-2023-2487)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2487 advisory. 1.8.10-2.0.1: Drop pesign.service restart in postun (Orabug: 34760075); Update signing certificate (JIRA: OLDIS-16371); Rebuild for SecureBoot signature...
shim: 3rd party shim allow secure boot bypass
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use...
Cross site scripting
A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument...
CVE-2017-20183
CVE-2017-20183 affects WordPress via the External Media without Import Plugin up to 1.0.0. A vulnerability in the function print_media_new_panel (external-media-without-import.php) allows cross-site scripting through manipulation of the parameters url, error, width, height, and mime-type. The att...
CVE-2022-3832
The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2022-3832 External Media < 1.0.36 - Admin+ Stored XSS
The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2022-3832
CVE-2022-3832 affects the External Media WordPress plugin prior to 1.0.36. The root cause is improper sanitisation/escaping of some plugin settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Documents consiste...
WordPress plugin External Media cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Input validation
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...
WordPress External Media without Imports plugin server-side request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress External Media without Imports plugin version 1.1.2 and earlier is vulnerable to server-side reques...