810 matches found
CVE-2026-15097
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-5743
The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...
CVE-2026-15097
CVE-2026-15097 affects Themify Builder for WordPress (up to version 7.7.6). The issue is a Stored Cross-Site Scripting via the height_slider Slider Module Field caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and high...
PT-2026-57392
Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts...
GHSA-4M69-67M6-PRQP Zebra has block suppression via NU5 same-header body poisoning of sent-hash cache
Description Am I affected You are affected if: 1. You run any version of zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node processes blocks past the checkpoint height non-finalized state is active. All...
CVE-2025-15666
A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...
CVE-2025-15666
Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height were updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE, but width/height have...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, the gdisurfacebits function processed SURFACEBITSCOMMAND messages sent by the RDP server. When these commands were processed using NSCodec, the bmp.width and bmp.height values provided by the server were not...
Astra Linux – Vulnerability in Linux
A buffer overflow attack in fbcon in the Linux kernel before version 5.9.7 could be exploited by local attackers to read privileged information or potentially cause the kernel to crash. This issue is identified as CID-3c4e0dff2095. This vulnerability arises because the KDFONTOPCOPY function in...
CVE-2025-62821
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...
CVE-2026-8461
The CVE-2026-8461 affects FFmpeg’s libavcodec/magicyuv.c in the MagicYUV decoder. It is a heap out-of-bounds write triggered by an odd slice_height, enabling denial-of-service and, in some cases, remote code execution. Affected software: FFmpeg prior to version 8.1.2; patched in 8.1.2 and later. ...
CVE-2026-12136 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Qt Declarative vulnerability (USN-8357-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8357-1 advisory. It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt...
CVE-2026-44899
A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...
CVE-2026-8899
The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...
CVE-2026-8203
Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...
Security update for libjxl
This update for libjxl fixes the following issues: Security fixes: CVE-2025-70103: heap buffer overflow when hen processing crafted pbm-images due to insufficient bounds checks bsc1266460. Other fixes: Update to version 0.10.5: fix tile dimension in low memory rendering pipeline. fix number of...
USN-8357-1 qtdeclarative-opensource-src vulnerability
It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service...
USN-8357-1: Qt Declarative vulnerability
It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service...