Nuclei, added yesterday

EspoCRM <= 9.3.3 - Server-Side Request Forgery

EspoCRM <= 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via the /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...

CVSS 4.3 | AI score 5.8 | EPSS 0.0087 | Exploits: 4 | References: 2
CVE, added 3 days ago

CVE-2026-49328

CVE-2026-49328 describes a Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet prior to 2.0.2-incubating. The issue allows an attacker to cause outbound network requests to internal or otherwise restricted resources through a user-supplie...

CVSS 5.3 | AI score 5.8 | EPSS 0.0013 | Exploits: 0 | References: 5 | Affected software: 1
ATTACKERKB, added 2026/05/15 9:44 p.m.

CVE-2026-45299

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in an XSS vulnerability. This vulnerability is...

CVSS 5.4 | AI score 5.9 | EPSS 0.00012 | Exploits: 0 | References: 2 | Affected software: 1
CVE, added 2026/05/15 9:29 p.m.

CVE-2026-45317

CVE-2026-45317 describes an application-wide CSRF vector in Open WebUI’s image handling prior to 0.9.3. An authenticated user can influence image URL rendering so that viewing a compromised image causes the user’s browser to issue GET requests to an attacker-controlled URL, potentially leaking co...

CVSS 4.6 | AI score 5.8 | EPSS 0.00006 | Exploits: 1 | References: 1 | Affected software: 1
Snyk, added 2026/05/14 8:27 p.m.

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the profileimageurl process. An attacker can execute arbitrary JavaScript in the context of another authenticated user's session by crafting a malicious SVG image as their OAuth...

CVSS 8.5 | AI score 5.8 | Exploits: 0 | References: 2
CVE, added 2026/04/20 4:15 a.m.

CVE-2026-6604

The CVE-2026-6604 entry affects modelscope agentscope up to version 1.0.18, specifically the Cloud Metadata Endpoint’s _openai_tools.py functions _parse_url, prepare_image, and openai_audio_to_text. The vulnerability arises from manipulating image_url/audio_file_url, enabling server-side request ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00054 | Exploits: 0 | References: 4
Github Security Blog, added 2026/03/31 11:28 p.m.

SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client

Summary: An attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary https URLs without extensions as images, stores the...

CVSS 9 | AI score 6.7 | EPSS 0.00023 | Exploits: 1 | References: 5 | Affected software: 1
Github Security Blog, added 2026/02/11 2:23 p.m.

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

Server-Side Request Forgery (SSRF) in ChatOpenAI Image Token Counting. Summary: The ChatOpenAI.get_num_tokens_from_messages method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF)...

CVSS 3.7 | AI score 5.9 | EPSS 0.00019 | Exploits: 0 | References: 5 | Affected software: 1
VulnCheck KEV, added 2025/11/18 12:00 a.m.

VulnCheck KEV: CVE-2020-26948

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.91735 | Exploited in the wild | Exploits: 4 | References: 80
EUVD, added 2025/10/07 12:30 a.m.

EUVD-2019-4753

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00099 | Exploits: 1 | References: 2
EUVD, added 2025/10/07 12:30 a.m.

EUVD-2020-3620

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00045 | Exploits: 0 | References: 2
Snyk, added 2025/08/08 6:32 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the coverImageURL. An attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious scripts via crafted requests. Details: Cross-site scripting, or XSS, is a code...

CVSS 6.9 | AI score 5.5 | EPSS 0.05581 | Exploits: 0 | References: 2
Patchstack, added 2024/04/25 12:07 p.m.

WordPress AGCA – Custom Dashboard & Login Page plugin < 7.2.2 - Admin+ Stored XSS via Image URL vulnerability

Admin+ Stored XSS via Image URL vulnerability discovered by Dikshita Trivedi (Cybersecdexter) in WordPress Plugin Absolutely Glamorous Custom Admin versions < 7.2.2...

CVSS 6.8 | AI score 6 | EPSS 0.00401 | Exploits: 2 | References: 1 | Affected software: 1
OSV, added 2021/12/08 10:15 p.m.

CVE-2021-43532

The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...

CVSS 6.1 | AI score 6.6 | EPSS 0.00148 | Exploits: 0 | References: 2
NVD, added 2021/06/09 5:15 a.m.

CVE-2020-11266

Image address is dereferenced before validating its range, which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking...

CVSS 6.5 | EPSS 0.00045 | Exploits: 0 | References: 1
CVE, added 2021/06/09 5:00 a.m.

CVE-2020-11266

CVE-2020-11266 relates to Qualcomm Snapdragon Wired Infrastructure and Networking components. The issue arises when an image address is dereferenced before validating its range, enabling potential information leakage from the secure world (QSEE). The NVD entry documents low to medium base scores ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00045 | Exploits: 0 | References: 1 | Affected software: 1
NVD, added 2021/01/12 9:15 p.m.

CVE-2020-28383

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. Thi...

CVSS 7.8 | AI score 7.9 | EPSS 0.00537 | Exploits: 0 | References: 7
CNNVD, added 2021/01/04 12:00 a.m.

Qualcomm WIN TZ FW Security Vulnerability

Qualcomm WIN TZ FW is support firmware from Qualcomm Incorporated (USA) for use on its processors. A security vulnerability exists in Qualcomm WIN TZ FW, which arises from an image address being dereferenced prior to validation of its range, and affects the following products and versions: AR7420, AR9580,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00045 | Exploits: 0 | References: 1
CNVD, added 2018/10/30 12:00 a.m.

Pagekit Bixie Portfolio plugin cross-site scripting vulnerability

Pagekit is a modular, lightweight CMS (Content Management System); Bixie Portfolio is one of its portfolio plugins. A cross-site scripting vulnerability exists in version 1.2.0 of the Pagekit Bixie Portfolio plugin. A remote attacker can exploit this vulnerability to inject arbitrary...

CVSS 5.4 | AI score 5.2 | EPSS 0.00206 | Exploits: 1 | References: 1
CNVD, added 2018/10/23 12:00 a.m.

TeaKKi Cross-Site Scripting Vulnerability

TeaKKi is a team document collaboration software. The software features document synchronization, category management and rights management. A cross-site scripting vulnerability exists in TeaKKi version 2.7. The vulnerability can be exploited by remote attackers to inject arbitrary web script or...

CVSS 6.1 | AI score 5.9 | EPSS 0.0024 | Exploits: 1 | References: 1