77 matches found
CVE-2026-3844
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache RCE Unauthenticated Arbitrary...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache move $tempgrava...
Exploit for CVE-2026-3844
CVE-2026-3844 Breeze Cache ≤ 2.4.4 - Unauthenticated Arbitrary...
Exploit for CVE-2026-3844
CVE-2026-3844 Mass Exploit CVE-2026-3844 – Breeze Cache Word...
WordPress Breeze Cache plugin <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability
Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Breeze versions <= 2.4.4...
EUVD-2026-25174
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2026-3844
The CVE-2026-3844 issue affects Breeze Cache for WordPress (≤2.4.4). It enables unauthenticated file uploads via fetch_gravatar_from_remote when Host Files Locally – Gravatars is enabled, allowing remote content (e.g., PHP webshells) to be saved to the server (e.g., wp-content/cache/breeze-extra/...
CVE-2026-3844
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
VulnCheck KEV: CVE-2026-3844
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
PT-2026-34629
Name of the Vulnerable Software and Affected Versions: Breeze Cache versions prior to 2.4.5. Description: An arbitrary file upload issue exists in the Breeze Cache plugin for WordPress, affecting approximately 400,000 active installations. The flaw is located in the fetch gravatar from remote...
PT-2026-20560
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
Linux Distros Unpatched Vulnerability : CVE-2026-21720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three...
Grafana Labs 3.0.0 < 11.6.9+security-01 / 12.0.0 < 12.0.8+security-01 / 12.1.0 < 12.1.5+security-01 / 12.2.0 < 12.2.3+security-01 / 12.3.0 < 12.3.1+security-01 DoS (CVE-2026-21720)
The version of Grafana Labs installed on the remote host is affected by a denial of service vulnerability as referenced in the CVE-2026-21720 advisory. - Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue long...
CVE-2026-21720
A flaw was found in Grafana. A remote attacker can exploit this vulnerability by sending a sustained volume of uncached /avatar/:hash requests. This action causes the system to create and block goroutines, which are lightweight concurrent functions, leading to a continuous increase in memory usag...
SUSE CVE-2026-21720
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
UBUNTU-CVE-2026-21720
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
Missing Release of Resource after Effective Lifetime
Overview: github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the /avatar/:hash endpoint. An attacker can exhaust system memory and...