22 matches found
GHSA-V2XR-WVRV-P969 RAGAS has an Arbitrary File Read vulnerability
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...
EUVD-2025-208315
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...
CVE-2025-45691
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...
PT-2026-23468
Name of the Vulnerable Software and Affected Versions: Exploding Gradients RAGAS versions 0.2.3 through 0.2.14 Description: An arbitrary file read issue exists in the ImageTextPromptValue class. This is due to insufficient validation and sanitization of URLs provided in the retrieved contexts...
CVE-2025-45691
An Arbitrary File Read vulnerability affects Exploding Gradients RAGAS, versions v0.2.3 through v0.2.14, in the ImageTextPromptValue class. The flaw arises from improper validation/sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs, enabling potentia...
MiracleLinux 3 : xorg-x11-server-1.1.1-48.101.1.0.1.AXS3 (AXSA:2013-665:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-665:02 advisory. X.Org X11 X server Security issues fixed with this release: CVE-2013-4396 Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the...
Align Is Not Enough: Multimodal Universal Jailbreak Attack against Multimodal Large Language Models
Large Language Models (LLMs) have evolved into Multimodal Large Language Models (MLLMs), significantly enhancing their capabilities by integrating visual information and other types, thus aligning more closely with the nature of human intelligence, which processes a variety of data forms beyond just...
CVE-2025-4188
The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page. This makes it possible for unauthenticate...
PT-2025-18933 · WordPress · Advanced Reorder Image Text Slider
Name of the Vulnerable Software and Affected Versions: Advanced Reorder Image Text Slider plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...
WordPress plugin Advanced Reorder Image Text Slider cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
AGATE: Stealthy Black-Box Watermarking for Multimodal Model Copyright Protection
Recent advancement in large-scale Artificial Intelligence (AI) models offering multimodal services have become foundational in AI systems, making them prime targets for model theft. Existing methods select Out-of-Distribution (OoD) data as backdoor watermarks and retrain the original model for...
UBUNTU-CVE-2025-26528
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk...
MAL-2024-7695 Malicious code in two-column-image-text-grid (npm)
Source: ossf-package-analysis 816a60cffab8a3e09e7bdd3135a8d8fdb6bca092a94ec723a64d7aecd057d471 The OpenSSF Package Analysis project identified 'two-column-image-text-grid' @ 69.69.69 (npm) as malicious. It is considered malicious because: -...
SUSE CVE-2013-4396
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers...
Malicious code in wf-extract-text-in-image2 (npm)
Source: ghsa-malware 3cd6fc1170a3ada1d746fc52e031d5c161e68ecaccf1383924617a33f88f75a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Techotronic all-in-one-favicon plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. Techotronic all-in-one-favicon (aka All In One Favicon) is one of the plugins used to add favicon tags to a website. A...