Next.js 资源管理错误漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 10.0.0 to 16.1.7 had a resource management vulnerability. This vulnerability stemmed from the default image optimization feature, which had no configuration limit on disk caching, potentially leading to exhaustion of dis...

PT-2026-22012

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the xf AppUpdateWindowFromSurface function where a cached XImage’s data pointer can reference a freed RDPGFX surface...

EUVD-2023-30272

Malicious code in bioql PyPI...

EUVD-2022-25046

Malicious code in bioql PyPI...

EUVD-2023-30273

Malicious code in bioql PyPI...

CVE-2023-26452

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL...

CVE-2023-26453

CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...

[SECURITY] Fedora 35 Update: OpenImageIO-2.2.21.0-2.fc35

OpenImageIO is a library for reading and writing images, and a bunch of relat ed classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading a nd writing 2D images that is format agnostic. - Format plugins for TIFF,...

CVE-2022-1765

The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules...

Fedora: Security Advisory for vdr-scraper2vdr (FEDORA-2021-b58af96f33)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 26 Update: vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26

Scraper2vdr acts as client and provides scraped metadata for tvshows and movies from epgd to other plugins via its service interface. The plugin cares about caching the images locally and also cleans up the images if not longer needed. epgd itself uses the thetvdb.com API for collecting series...

TeamSpeak Client 3.0.18.1 RFI / Traversal / Code Execution

Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux Exploitation: Remote Risk : Very High ========= The Bug...

TeamSpeak Client <= 3.0.18.1 - RFI to RCE Exploit

Exploit for windows platform in category remote exploits Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux...

TeamSpeak Client 3.0.18.1 - Remote File Inclusion Remote Code Execution

TeamSpeak Client 3.0.18.1 - Remote File Inclusion Remote Code Execution Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac ...

TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution

Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux Exploitation: Remote Risk : Very High ========= The Bug...

The vulnerability of the Internet Explorer browser, which allows a hacker to gain access to the history of visited pages

The vulnerability of the Internet Explorer browser is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the history of visited pages through image caching errors...

Information disclosure

Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability."...

Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libpr0n...