Lucene search
+L

16 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2021-31658

Malicious code in bioql PyPI...

5.4CVSS5AI score0.00562EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9332

Malicious code in bioql PyPI...

7CVSS6.6AI score0.1462EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 a.m.7 views

CVE-2018-20906

cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction SEC-430...

4.3CVSS7AI score0.00592EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 3:16 p.m.14 views

CVE-2025-31121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...

7CVSS0.1462EPSS
Exploits1References1
CVE
CVE
added 2025/04/01 2:53 p.m.66 views

CVE-2025-31121

OpenEMR’s Patient Image feature (EXIF title) is vulnerable to cross-site scripting prior to version 7.0.3.1. Affected component: Patient Image handling in OpenEMR. Root cause: unsanitized EXIF title in uploaded images enables XSS. Impact: CVE-2025-31121 indicates attacker-executed script in vulne...

7CVSS6.3AI score0.1462EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/04/01 2:53 p.m.22 views

CVE-2025-31121 OpenEMR allows XSS in Patient Image feature

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...

7CVSS0.1462EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/01 12:0 a.m.7 views

PT-2024-31525 · Sayful Islam · Carousel Slider

Name of the Vulnerable Software and Affected Versions: WordPress plugin Carousel Slider affected versions not specified Description: The WordPress plugin Carousel Slider provided by Sayful Islam contains a cross-site request forgery issue on the Hero image selection feature. When a user is logged...

4.3CVSS6.2AI score0.00215EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/12/31 12:0 a.m.5 views

Tecno Camon Security Breach

The Tecno Camon is a Camon series smartphone from China-based Transocean. A security vulnerability exists in Tecno Camon X CA7 Gallery3d, which originates from a vulnerability that allows attackers to bypass the Gallary3D hidden image feature in TECNO Camon X. The vulnerability is caused due to t...

2.1CVSS6.7AI score0.00281EPSS
Exploits1References3
OSV
OSV
added 2022/12/26 5:15 a.m.0 views

DEBIAN-CVE-2021-44855

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature...

5.4CVSS5AI score0.00562EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/26 12:0 a.m.4 views

CVE-2021-44855

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature...

5.5AI score0.00562EPSS
Exploits1References2
CNVD
CNVD
added 2022/06/30 12:0 a.m.25 views

Mozilla Firefox Remote Code Execution Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A remote code execution vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to execut...

8.8CVSS7.8AI score0.00721EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.30 views

Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-68216)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. The input validation error vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to...

8.8CVSS7.3AI score0.00715EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/27 12:0 a.m.16 views

Online Food Ordering System Arbitrary File Upload Vulnerability

Online Food Ordering System is an online food ordering system. An arbitrary file upload vulnerability exists in Online Food Ordering System version 1.0, which stems from the lack of validation of uploaded files in the Select Image feature, and can be exploited to upload a malicious file that can ...

7.2CVSS7.2AI score0.01434EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/25 1:15 p.m.4 views

CVE-2022-29651

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS6.2AI score0.01434EPSS
Exploits0References3
OSV
OSV
added 2021/02/09 3:15 a.m.4 views

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

9.8CVSS5.8AI score0.02585EPSS
Exploits2References2
CVE
CVE
added 2019/08/01 2:27 p.m.58 views

CVE-2018-20906

CVE-2018-20906 affects cPanel before 71.9980.37. The issue allows attackers to make API calls that bypass the images feature restriction (SEC-430). The connected documents confirm the product (cPanel), affected version range (before 71.9980.37), and the described impact (bypassing images feature ...

4.3CVSS4.7AI score0.00592EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder