25 matches found

EUVD
added 2026/05/26 4:2 p.m., 7 views

EUVD-2026-31852

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

5.3 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 1
CVE
added 2026/02/05 9:13 a.m., 13 views

CVE-2026-1271

The CVE concerns the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. It affects all versions up to 5.9.7.2 and enables Insecure Direct Object Reference via the pm_upload_image and pm_upload_cover_image AJAX actions. The root cause is update_user_meta() being called outside t...

5.3 CVSS, 5.3 AI score, 0.00016 EPSS
Exploits: 0, References: 6
Cvelist
added 2026/02/05 9:13 a.m., 23 views

CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is due to the update_user_meta() function being called outsi...

5.3 CVSS, 0.00016 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/01/27 12:0 a.m., 1 views

Askbot security vulnerabilities

ASKBot is an open-source Q&A platform developed by ASKBOT. Versions of ASKBOT prior to 0.12.2 have security vulnerabilities; these vulnerabilities stem from improper access control, which could lead to the modification of other users’ profile images...

5.3 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-21974

Malicious code in bioql PyPI...

5.4 CVSS, 6.6 AI score, 0.00122 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-28561

Malicious code in bioql PyPI...

6.1 CVSS, 6.6 AI score, 0.00026 EPSS
Exploits: 0, References: 3
CVE
added 2025/08/19 4:28 a.m., 19 views

CVE-2025-5417

The CVE-2025-5417 entry describes an insufficient access control vulnerability in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The issue allows a cluster admin/user with standard access, and the Red Hat Developer Hub namespace, to access and modify the image’s content, impacting...

6.1 CVSS, 6.5 AI score, 0.00026 EPSS
Exploits: 0, References: 3
OSV
added 2025/08/17 11:15 p.m., 2 views

CVE-2025-7342

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 3
RedHat Linux
added 2025/04/07 10:36 p.m., 4 views

openstack-ironic: Lack of checksum validation on images

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change being noticed by OpenStack. This issue leads to integrity issues in the image...

5.3 CVSS, 5.7 AI score, 0.00301 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2025/01/22 3:57 p.m., 2 views

openstack-ironic: Lack of checksum validation on images

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change being noticed by OpenStack. This issue leads to integrity issues in the image...

5.3 CVSS, 5.7 AI score, 0.00301 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2024/11/04 12:0 a.m., 16 views

RHEL 6 : qemu-kvm-rhev (RHSA-2014:0434)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0434 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provid...

8.6 CVSS, 7.8 AI score, 0.00642 EPSS
Exploits: 3, References: 19
Positive Technologies
added 2022/12/20 12:0 a.m., 1 views

PT-2022-27872 · Tp Link · Tp-Link Tl-Wr743Nd

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR743ND V1 versions prior to 3.12.20. Description: An exploitable firmware modification vulnerability was discovered, allowing an attacker to conduct a Man-in-the-Middle (MITM) attack to modify the user-uploaded firmware image and...

7.5 CVSS, 7.8 AI score, 0.00423 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2022/12/20 12:0 a.m., 2 views

PT-2022-27868 · NetGear · Netgear Xwn5001 Powerline 500 Wifi Access Point

Name of the Vulnerable Software and Affected Versions: Netgear XWN5001 Powerline 500 WiFi Access Point versions v0.4.1.1 and earlier. Description: An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a...

8.1 CVSS, 8.2 AI score, 0.01143 EPSS
Exploits: 0, References: 6
CNNVD
added 2022/09/01 12:0 a.m., 2 views

Dell PowerProtect Cyber Recovery Authorization Issue Vulnerability

Dell PowerProtect Cyber Recovery is a network data recovery software and solution from Dell USA. A security vulnerability exists in versions prior to Dell PowerProtect Cyber Recovery 19.11.0.2, which stems from the possibility that an unauthenticated, remote attacker could bypass authentication b...

9.8 CVSS, 8.2 AI score, 0.01857 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2022/05/02 7:26 p.m., 31 views

Write access to the catalog for any user when restricted-admin role is enabled in Rancher

Impact: This vulnerability only affects customers using the restricted-admin role in Rancher. For this role to be active, Rancher must be bootstrapped with the environment variable CATTLE_RESTRICTED_DEFAULT_ADMIN=true or the configuration flag restrictedAdmin=true. A flaw was discovered in Rancher...

5.5 CVSS, 0.6 AI score, 0.00351 EPSS
Exploits: 0, References: 5, Affected Software: 1
Fedora
added 2021/12/05 1:39 a.m., 22 views

[SECURITY] Fedora 34 Update: php-pecl-imagick-3.5.0-1.fc34.1

imagick is a native php extension to create and modify images using the ImageMagick API...

2.3 AI score, 0.00067 EPSS
Exploits: 1
Veracode
added 2019/01/15 9:1 a.m., 20 views

Arbitrary Code Execution

openstack-glance is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modif...

6 CVSS, 7.1 AI score, 0.00557 EPSS
Exploits: 0, References: 9, Affected Software: 1
seebug.org
added 2017/12/04 12:0 a.m., 114 views

7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

Introduction: In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of weaponizing this vulnerability and creating a fully working...

9.3 CVSS, 9.2 AI score, 0.16299 EPSS
Exploits: 3
Fedora
added 2017/09/19 3:25 p.m., 34 views

[SECURITY] Fedora 25 Update: php-pecl-imagick-3.4.3-2.fc25

imagick is a native php extension to create and modify images using the ImageMagick API...

8.8 CVSS, 2.3 AI score, 0.03601 EPSS
Exploits: 1
RedHat Linux
added 2014/09/22 4:0 a.m., 3 views

Qemu: qcow1: validate image size to avoid out-of-bounds memory access

An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with...

4.6 CVSS, 7.2 AI score, 0.00093 EPSS
Exploits: 1, References: 4