7 matches found

RedhatCVE
added 2026/06/05 7:40 p.m., 6 views

CVE-2026-43936

e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment in the "Image/File URL:" field under "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

CVSS 4.3 | AI score 5.5 | EPSS 0.00193
Exploits: 0 | References: 1
OSV
added 2026/03/26 10:9 p.m., 4 views

GHSA-9R56-3GJQ-HQF7 ImageMagick: META reader memory leak in the APP1JPEG input path

ImageMagick contains a memory leak in the META reader when processing the APP1JPEG input path...

CVSS 3.3 | AI score 5.9
Exploits: 0 | References: 2
CVE
added 2025/10/19 3:32 p.m., 10 views

CVE-2025-11941

CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...

CVSS 8.1 | AI score 5.5 | EPSS 0.00834
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2023/10/20 7:15 a.m., 28 views

Cross site scripting

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

CVSS 4.3 | AI score 4.7 | EPSS 0.00328
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/04/06 2:15 a.m., 7 views

CVE-2021-30497

Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...

CVSS 7.5 | AI score 7.2 | EPSS 0.9658
Exploits: 1 | References: 3
CNVD
added 2022/02/09 12:0 a.m., 19 views

iTunesRPC-Remastered OS Command Injection Vulnerability

iTunesRPC-Remastered is a Discord Rich Presence application used with iTunes and Apple Music. iTunesRPC-Remastered suffers from an operating system command injection vulnerability that stems from not properly sanitizing the image file path. An attacker could exploit this...

CVSS 9.8 | AI score 3.9 | EPSS 0.01492
Exploits: 0 | References: 1
CNNVD
added 2022/02/04 12:0 a.m., 2 views

iTunesRPC-Remastered OS Command Injection Vulnerability

iTunesRPC-Remastered is a Discord Rich Presence application used with iTunes and Apple Music. iTunesRPC-Remastered suffers from an operating system command injection vulnerability that stems from not properly sanitizing the image file path. An attacker could exploit this...

CVSS 9.8 | AI score 5.8 | EPSS 0.01492
Exploits: 0 | References: 3