16 matches found
EUVD-2021-31658
Malicious code in bioql PyPI...
EUVD-2025-9332
Malicious code in bioql PyPI...
CVE-2018-20906
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction SEC-430...
CVE-2025-31121
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...
CVE-2025-31121
OpenEMR’s Patient Image feature (EXIF title) is vulnerable to cross-site scripting prior to version 7.0.3.1. Affected component: Patient Image handling in OpenEMR. Root cause: unsanitized EXIF title in uploaded images enables XSS. Impact: CVE-2025-31121 indicates attacker-executed script in vulne...
CVE-2025-31121 OpenEMR allows XSS in Patient Image feature
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...
PT-2024-31525 · Sayful Islam · Carousel Slider
Name of the Vulnerable Software and Affected Versions: WordPress plugin Carousel Slider affected versions not specified Description: The WordPress plugin Carousel Slider provided by Sayful Islam contains a cross-site request forgery issue on the Hero image selection feature. When a user is logged...
Tecno Camon Security Breach
The Tecno Camon is a Camon series smartphone from China-based Transocean. A security vulnerability exists in Tecno Camon X CA7 Gallery3d, which originates from a vulnerability that allows attackers to bypass the Gallary3D hidden image feature in TECNO Camon X. The vulnerability is caused due to t...
DEBIAN-CVE-2021-44855
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature...
CVE-2021-44855
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature...
Mozilla Firefox Remote Code Execution Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A remote code execution vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to execut...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-68216)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. The input validation error vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to...
Online Food Ordering System Arbitrary File Upload Vulnerability
Online Food Ordering System is an online food ordering system. An arbitrary file upload vulnerability exists in Online Food Ordering System version 1.0, which stems from the lack of validation of uploaded files in the Select Image feature, and can be exploited to upload a malicious file that can ...
CVE-2022-29651
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2021-26918
The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...
CVE-2018-20906
CVE-2018-20906 affects cPanel before 71.9980.37. The issue allows attackers to make API calls that bypass the images feature restriction (SEC-430). The connected documents confirm the product (cPanel), affected version range (before 71.9980.37), and the described impact (bypassing images feature ...