Vikunja Affected by DoS via Image Preview Generation
Summary - Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage -...
Vikunja Affected by DoS via Image Preview Generation
Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage - Endpoint...
PT-2026-26764
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.2.0 Description: The software is susceptible to a denial-of-service (DoS) condition triggered by unbounded image decoding and resizing during preview generation. An attacker can exploit this by providing a highly...
OpenStack Nova Security Vulnerability
OpenStack Nova is a core computing service component of the OpenStack open-source framework. Versions of OpenStack Nova prior to 30.2.2, 31.2.1, and 32.1.1 have security vulnerabilities. These vulnerabilities stem from the Flat image backend’s failure to apply format restrictions when processing...
GHSA-HRR4-3WGR-68X3 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints
Summary: Authenticated users can crash the Navidrome server by supplying an excessively large `size` parameter to `/rest/getCoverArt` or to a shared-image URL `/share/img/<token>`. When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth...
EUVD-2025-197683
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
EUVD-2004-2215
Malware in sbrugna...
EUVD-2006-5083
Malware in sbrugna...
EUVD-2022-1935
Malicious code in bioql PyPI...
EUVD-2025-28804
Malicious code in bioql PyPI...
CVE-2025-8723
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...
Exploit for CVE-2025-8723
⚡️ Cloudflare Image Resizing Description: The plugin'...
CVE-2025-8723
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...
CVE-2025-8723
CVE-2025-8723 affects the Cloudflare Image Resizing plugin for WordPress. The vulnerability arises from missing authentication and insufficient sanitization in the hook_rest_pre_dispatch() method, affecting all versions up to and including 1.5.6. This enables unauthenticated attackers to inject a...
CVE-2025-8723 Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...
CVE-2025-8723 Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...
PT-2025-33714
Name of the Vulnerable Software and Affected Versions: Cloudflare Image Resizing plugin for WordPress versions up to and including 1.5.6 Description: The Cloudflare Image Resizing plugin for WordPress is susceptible to Remote Code Execution (RCE) due to missing authentication and insufficient...
WordPress plugin Cloudflare Image Resizing Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress Cloudflare Image Resizing plugin <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook vulnerability
Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook vulnerability discovered by kr0d in WordPress Plugin Cloudflare Image Resizing versions <= 1.5.6...