18 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7870

Malicious code in bioql PyPI...

CVSS 6.5, AI score 9.2, EPSS 0.00245
Exploits 0, References 1
vulnersOsv
added 2025/09/24 6:57 p.m., 4 views

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-59343 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

CVSS 8.7, AI score 5.8, EPSS 0.00524
Exploits 0
vulnersOsv
added 2025/06/02 7:43 p.m., 4 views

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-48387 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

CVSS 8.7, AI score 6.1, EPSS 0.00474
Exploits 0
RedhatCVE
added 2025/05/22 10:55 a.m., 6 views

CVE-2017-15210

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...

CVSS 4.3, AI score 6.7, EPSS 0.01076
Exploits 0, References 1
vulnersOsv
added 2025/04/10 3:9 a.m., 4 views

org.webjars.npm:class-validator (>=0.8.5 <=0.14.0), org.webjars.npm:image-thumbnail (=1.0.15) +8 more potentially affected by CVE-2025-56200 via org.webjars.npm:validator (>=10.11.0 <=9.2.0)

org.webjars.npm:validator MAVEN version =10.11.0, =0.8.5, =3.1.2, =3.18.2, =3.25.1 Source cves: CVE-2025-56200 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14102004...

CVSS 6.1, AI score 5.8, EPSS 0.003
Exploits 1
vulnersOsv
added 2025/04/02 3:4 p.m., 5 views

org.webjars.npm:datauri (>=1.1.0 <=2.0.0), org.webjars.npm:image-thumbnail (=1.0.15) +1 more potentially affected by unknown CVE via org.webjars.npm:image-size (>=0.5.5 <=2.0.0-alpha.1)

org.webjars.npm:image-size MAVEN version =0.5.5, =1.1.0, =2.7.1, =2.7.2 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9634165...

AI score 5.8
Exploits 0
RedhatCVE
added 2025/03/14 3:51 p.m., 8 views

CVE-2025-28918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A. Jones Featured Image Thumbnail Grid thumbnail-grid allows Stored XSS. This issue affects Featured Image Thumbnail Grid: from n/a through = 6.8...

CVSS 6.5, AI score 7.2, EPSS 0.00245
Exploits 0, References 1
NVD
added 2025/03/11 9:15 p.m., 3 views

CVE-2025-28918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A. Jones Featured Image Thumbnail Grid thumbnail-grid allows Stored XSS. This issue affects Featured Image Thumbnail Grid: from n/a through = 6.8...

CVSS 6.5, EPSS 0.00245
Exploits 0, References 1
CVE
added 2025/03/11 9:1 p.m., 48 views

CVE-2025-28918

CVE-2025-28918: Stored XSS in WordPress plugin Featured Image Thumbnail Grid up to version 6.6.1. Root cause: improper neutralization of input during web page generation in the plugin, enabling stored cross-site scripting. Affected product/component: WordPress Plugin – Featured Image Thumbnail ...

CVSS 6.5, AI score 7.2, EPSS 0.00245
Exploits 0, References 1
CNNVD
added 2025/03/11 12:0 a.m., 1 views

WordPress plugin Featured Image Thumbnail Grid cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5, AI score 8, EPSS 0.00245
Exploits 0, References 2
SUSE CVE
added 2023/02/15 5:28 a.m., 3 views

SUSE CVE-2014-3670

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execut...

CVSS 6.8, AI score 8.2, EPSS 0.22633
Exploits 1, References 7
CNNVD
added 2022/08/16 12:0 a.m., 4 views

Blender buffer error vulnerability

Blender is a specialized free and open source 3D computer graphics software. A buffer error vulnerability exists in Blender that stems from an out-of-bounds read or write that occurs when an image is converted to a vertically flipped thumbnail...

CVSS 7.5, AI score 7.5, EPSS 0.01268
Exploits 1, References 4
CNVD
added 2022/03/17 12:0 a.m., 11 views

Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22701)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore 10.4.0 prior versions of cross-site...

CVSS 6.8, AI score 1.6, EPSS 0.0079
Exploits 1, References 1
CNNVD
added 2022/03/15 12:0 a.m., 2 views

Pimcore cross-site scripting vulnerability

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore 10.4.0 prior versions of cross-site...

CVSS 6.8, AI score 5.6, EPSS 0.0079
Exploits 1, References 3
CNVD
added 2019/12/18 12:0 a.m., 2 views

Zulip Server Open Redirect Vulnerability

Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations. An open redirection vulnerability exists in the image thumbnail handler in Zulip Server. No detailed vulnerability details are provided at this...

CVSS 6.1, AI score 6.9, EPSS 0.00865
Exploits 0, References 1
OSV
added 2014/10/29 12:0 a.m., 2 views

UBUNTU-CVE-2014-3670

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execut...

CVSS 6.8, AI score 7.7, EPSS 0.22633
Exploits 1, References 3
Atlassian
added 2008/11/07 12:35 a.m., 14 views

Inserted image filenames are not escaped properly as thumbnails

When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...

AI score 0.5
Exploits 0, Affected Software 1
CERT
added 2000/10/31 12:0 a.m., 27 views

Wang/Kodak Image Thumbnail ActiveX Control

Overview Description The Image Thumbnail control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Thumbnail control is one of several controls used to provide image editing services through a web site. Becaus...

CVSS 10, AI score 6.2, EPSS 0.24429
Exploits 0, References 2