CVE-2026-9306

CVE-2026-9306 affects QuantumNous new-api up to 0.12.1, specifically the Midjourney Image Relay Endpoint’s RelayMidjourneyImage/GetByOnlyMJId in router/relay-router.go. The issue enables authorization bypass through manipulation of the endpoint. It is reported as exploitable remotely with high co...

CVE-2022-50894

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the imgid parameter. Attackers can send GET requests to editgalleryimage.php with malicious imgid values to extract database...

VIAVIWEB Wallpaper Admin SQL注入漏洞

VIAVIWEB Wallpaper Admin is a mobile application backend management system from VIAVIWEB India. A SQL injection vulnerability exists in VIAVIWEB Wallpaper Admin version 1.0, which stems from a SQL injection vulnerability in the imgid parameter that could lead to the extraction of database...

EUVD-2014-5173

Malware in sbrugna...

EUVD-2022-1156

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-4383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause...

CVE-2024-8436

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'editimageId' and 'editimageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

PT-2024-28731 · Npm · @Jmondi/Url-To-Png

Name of the Vulnerable Software and Affected Versions: @jmondi/url-to-png versions prior to 2.1.2 Description: The issue arises from the lack of sanitization of the ImageId input in the code, leading to a path traversal vulnerability. This allows an attacker to store an image in an arbitrary...

CVE-2024-29808

The imageid parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the imageid parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

PT-2024-23053 · WordPress · Admin-Ajax.Php

Name of the Vulnerable Software and Affected Versions: admin-ajax.php affected versions not specified Description: The issue concerns a reflected Cross Site Scripting vulnerability in the image id parameter of the AJAX call to the editimage bwg action of admin-ajax.php. This allows an attacker to...

WordPress plugin PhotoGallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-51978

In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection...

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

PT-2022-13819 · WordPress · Wpqa Builder Plugin

Name of the Vulnerable Software and Affected Versions: WPQA Builder Plugin versions prior to 5.2 Description: The issue allows any user with privileges as low as Subscriber to delete the profile pictures of other users due to a lack of validation for the image id parameter in the wpqa remove imag...

Directory Traversal in Docker

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...

Design/Logic Flaw

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'...

CVE-2014-5282

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'...

WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities

WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities Exploit Title: WordPress: wordpress huge-it-slider 2.7.5 & Persistent JS-HTML Code injection, Arbitrary slider deletion Date: 2015-06-23 Google Dork: intitle:"index of" intext:"/wp-content/plugins/slider-image/" Exploit Author:...

CVE-2014-9358

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...

CVE-2014-9358

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...