10 matches found
EUVD-2025-32698
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2025-40970
Name of the Vulnerable Software and Affected Versions: Featured Image from URL (FIFU) plugin for WordPress versions prior to 5.2.8 Description: The software is susceptible to Stored Cross-Site Scripting through the Featured Image custom fields of a post. Insufficient input sanitization and output...
EUVD-2022-24655
Malicious code in bioql PyPI...
AZL-42958 CVE-2024-5197 affecting package libvpx 1.13.1-1
There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling...
PT-2024-20505 · WordPress · Foogallery
Name of the Vulnerable Software and Affected Versions: FooGallery plugin for WordPress versions up to, and including, 2.4.14 Description: The issue is related to Stored Cross-Site Scripting via image attachment fields, such as Title, Alt Text, Custom URL, Custom Class, and Override Type, due to...
CVE-2022-1327
The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress plugin Image Gallery - Grid Gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Image Gallery-Grid Gallery plugin 1.1.1 and earlier versions have a cross-site scripting...
Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site Scripting (XSS)
Multiple cross-site scripting vulnerabilities in Final Tiles Gallery 3.4.18 and lower allow remote attackers to inject arbitrary web script or HTML via the Title and Caption fields of an image. Successful exploitation of this vulnerability would allow an authenticated high-privileged user author+...
CVE-2019-5700
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure...
Microsoft Access Tampering Vulnerability
A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server. The attacker who...