38 matches found
CVE-2026-2826
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the upload_files capability in the process_pattern REST API endpoin...
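The Kadence entry above is the classic REST authorization mistake: the route's permission_callback checks that the caller is logged in (authentication) rather than that the caller holds the capability the operation needs (authorization). The following is an added illustration, not Kadence's code: a hypothetical `example/v1` route that sideloads an image into the media library, registered first with the weak check and then with the capability check. Only the WordPress APIs used (register_rest_route, current_user_can, media_sideload_image, esc_url_raw, wp_http_validate_url, WP_Error) are real; the route, namespace and function names are invented for the example.

```php
<?php
// Added example (not Kadence Blocks code). Route, namespace and function
// names are hypothetical; the WordPress APIs are real.
// media_sideload_image() lives in wp-admin, so load its dependencies when the
// route runs outside an admin request.
require_once ABSPATH . 'wp-admin/includes/file.php';
require_once ABSPATH . 'wp-admin/includes/media.php';
require_once ABSPATH . 'wp-admin/includes/image.php';

function example_process_pattern( WP_REST_Request $request ) {
    // Defense in depth: re-check inside the callback so a future route
    // registration with a weaker permission_callback cannot silently reopen
    // the hole.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
    }
    $url = esc_url_raw( $request->get_param( 'image_url' ) );
    $id  = media_sideload_image( $url, 0, null, 'id' ); // writes into uploads/
    if ( is_wp_error( $id ) ) {
        return $id;
    }
    return rest_ensure_response( array( 'attachment_id' => $id ) );
}

add_action( 'rest_api_init', function () {
    // VULNERABLE: any authenticated account, including Subscriber, passes this
    // check and reaches the code path that writes files to the server.
    register_rest_route( 'example/v1', '/process-pattern', array(
        'methods'             => 'POST',
        'callback'            => 'example_process_pattern',
        'permission_callback' => function () {
            return is_user_logged_in(); // authentication, not authorization
        },
    ) );

    // FIXED: require the capability the operation actually needs. By default
    // upload_files is granted to Author and above; Subscriber and Contributor
    // do not have it, so they get HTTP 403 before the callback runs.
    register_rest_route( 'example/v1', '/process-pattern-fixed', array(
        'methods'             => 'POST',
        'callback'            => 'example_process_pattern',
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
        'args'                => array(
            'image_url' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return false !== wp_http_validate_url( $value );
                },
            ),
        ),
    ) );
} );
```

To confirm the fix on a test site, call the route as a Subscriber using an application password (`curl -u subscriber:app-pass -X POST https://site.example/wp-json/example/v1/process-pattern-fixed -d image_url=...`); the response should be a 403 `rest_forbidden` error, whereas the unfixed route would accept the request and create an attachment.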
EUVD-2012-6486
Malware in sbrugna...
EUVD-2015-8362
Malware in sbrugna...
Nautobot may allow uploaded media files to be accessible without authentication
Impact: Files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...
CVE-2024-25080
WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer...
CVE-2024-29902
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...
cosign security vulnerability
Cosign is a tool for container signing, verification and storage in an OCI registry. Versions of Cosign prior to 2.2.4 contain a security vulnerability stemming from a remote image with a malicious attachment that can cause a denial of service on the host running Cosign...
WordPress FooGallery plugin <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields vulnerability discovered by Tim Coen in WordPress Plugin FooGallery versions <= 2.4.14...
CVE-2024-2471
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This...
FooGallery < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields
Description The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output...
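The two FooGallery entries above describe the same bug from two angles: per-image attachment fields that an Author can set are later written into HTML attributes without escaping. The snippet below is an added illustration and not FooGallery's code: a hypothetical gallery renderer with a constructed item whose title, custom URL and class carry payloads, shown once unescaped and once escaped for the context each value lands in. The field names and the render functions are invented; esc_attr, esc_url and sanitize_html_class are real WordPress functions.

```php
<?php
// Added example (not FooGallery code). $item is constructed sample data and
// the field names are hypothetical; the escaping functions are WordPress core.

$item = array(
    'src'        => 'https://example.test/wp-content/uploads/photo.jpg',
    'title'      => 'Sunset" onmouseover="alert(1)',       // payload in Title
    'alt'        => 'sunset',
    'custom_url' => 'javascript:alert(document.cookie)',   // payload in Custom URL
    'class'      => 'wide"><script>alert(2)</script>',     // breaks out of Custom Class
);

// VULNERABLE: author-controlled strings are interpolated straight into
// attribute values, so a double quote ends the attribute and the rest of the
// string becomes markup. The javascript: URL is also passed through untouched.
function gallery_item_unescaped( array $item ) {
    return '<a href="' . $item['custom_url'] . '" class="' . $item['class'] . '">'
         . '<img src="' . $item['src'] . '" alt="' . $item['alt']
         . '" title="' . $item['title'] . '"></a>';
}

// FIXED: escape per context. esc_attr() neutralizes quotes and angle brackets
// inside attributes; esc_url() returns an empty string for disallowed schemes
// such as javascript:, so the link payload is dropped rather than rendered;
// sanitize_html_class() reduces each class token to [A-Za-z0-9_-].
function gallery_item_escaped( array $item ) {
    $classes = implode( ' ', array_filter( array_map(
        'sanitize_html_class',
        preg_split( '/\s+/', $item['class'] )
    ) ) );
    return '<a href="' . esc_url( $item['custom_url'] ) . '" class="' . esc_attr( $classes ) . '">'
         . '<img src="' . esc_url( $item['src'] ) . '" alt="' . esc_attr( $item['alt'] )
         . '" title="' . esc_attr( $item['title'] ) . '"></a>';
}

echo gallery_item_unescaped( $item ), "\n";
echo gallery_item_escaped( $item ), "\n";
```

Output escaping at render time is the check that fixes the class of bug; sanitizing on save (sanitize_text_field for the text fields, esc_url_raw for the URL) is worth adding as well, but on its own it does not help when data already in the database was stored before the fix.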
CVE-2024-25080
The CVE-2024-25080 entry affects Axigen’s WebMail component. Vulnerable: Axigen 10.x WebMail before 10.3.3.62. Root cause: a cross-site scripting (XSS) flaw exposed via the image attachment viewer, enabling injected script execution within a user’s browser session. Impact details in the connected...
SUSE CVE-2012-6640
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565...
Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks gallery ids='88' class='"...
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 Zero has a stored XSS vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments...
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 (Zero) is affected by a stored XSS in zb_system/function/c_system_admin.php, exploitable via the Content-Type header during image attachment uploads. Affected component is the server-side upload handling in zb_system/function/c_system_admin.php; the issue allows injection of ...
Suspicious Image Attachment In Phishing Mail
Mail messages containing suspicious image file attachments were observed as part of various phishing campaigns. An attacker may use such phishing messages to entice users to disclose sensitive information such as usernames, passwords, and credit card details...