49835 matches found
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
CVE-2026-57756
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
CVE-2026-57756 WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
CVE-2026-57756
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
Liferay Portal & DXP - Cross-Site Scripting
Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...
EspoCRM <= 9.3.3 - Server-Side Request Forgery
EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...
Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowdtabsactive parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can...
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-33851 info: name: WordPress Customi...
Astro - Unauthorized Third-Party Image Access
Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...
WordPress Image Hover Ultimate - Unauthenticated Settings Update
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin. id: CVE-2021-36888 info: name: WordPress Image Hover Ultimate - Unauthenticated Settings Update author: riteshs4hu severity:...
Astro Cloudflare Adapter - Server Side Request Forgery
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
Plone Docker - Host Header Injection
Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
CP Image Store with Slideshow <= 1.0.67 - SQL Injection
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...
LolLMS < 2.2.0 - Server-Side Request Forgery
A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...
Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
CodiMD <2.5.4 - Insecure Filename Randomization
CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...
WordPress Core 5.0.0 - Crop-image Shell Upload
WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. i...
WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location. id: CVE-2015-1000010 info: name: WordPress Simple Image Manipulator...