82 matches found
CVE-2025-12171
CVE-2025-12171 concerns the WordPress RESTful Content Syndication plugin (versions 1.1.0–1.5.0). The vulnerability is an arbitrary file upload flaw caused by missing file-type validation in ingest_image(), allowing authenticated attackers with Author-level access (or higher) to upload arbitrary f...
PT-2025-44718
Name of the Vulnerable Software and Affected Versions: WordPress RESTful Content Syndication plugin versions 1.1.0 through 1.5.0 Description: The RESTful Content Syndication plugin for WordPress is affected by a flaw that allows authenticated attackers with Author-level access or higher to upload...
ImageMagick < 7.1.2-8 DoS (GHSA-wpp4-vqfq-v4hp)
The remote host has a version of ImageMagick installed that is prior to 7.1.2-8. It is, therefore, affected by a denial of service vulnerability as referenced in the GHSA-wpp4-vqfq-v4hp advisory. - ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick...
CVE-2025-11361 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 via the ebsaveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-leve...
EUVD-2025-25656
Malicious code in bioql PyPI...
EUVD-2025-25631
Malicious code in bioql PyPI...
EUVD-2025-20223
Malicious code in bioql PyPI...
CVE-2025-7813
The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...
PT-2025-34592 · Unknown · Xuhuisheng Lemon
Name of the Vulnerable Software and Affected Versions: xuhuisheng lemon versions through 1.13.0 Description: A weakness exists in xuhuisheng lemon up to version 1.13.0. This issue affects the uploadImage function within the CmsArticleController.java file, specifically in the...
PT-2025-34519 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions through 4.0.37 Description: The Eventin plugin for WordPress is susceptible to Server-Side Request Forgery SSRF via the proxy image function. This allows unauthenticated attackers to make web requests to...
CVE-2025-6209
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
PT-2025-23679 · Unknown · Aaluoxiang Oa System
Name of the Vulnerable Software and Affected Versions: aaluoxiang oa system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5 Description: A problematic vulnerability has been found in aaluoxiang oa system, affecting the image function of the file...
CVE-2024-9626
The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxzemantasetfeaturedimage' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2023-42295
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the readrleimage function of file bifs/unquantize.c...
WordPress plugin Event Manager, Events Calendar, Tickets, Registrations – Eventin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Event Manager...
CVE-2025-3686 misstt123 oasys show image path traversal
A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This...
oasys path traversal vulnerability
oasys is an OA office automation system by the individual developer misstt123. A path traversal vulnerability exists in version 1.0 of oasys; it stems from incorrect handling in the function image of the file /show, which results in path traversal...
CVE-2024-54730
Flatnotes v5.3.1 is vulnerable to denial of service through the upload image function...