214 matches found
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
Astro Security Vulnerability
Astro is an open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.3, which stems from an arbitrary local file read vulnerability in the Image Optimization endpoint of the development server that could lead to information...
Astro Cross-Site Scripting Vulnerability
Astro is an open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions prior to 5.15.9, which stems from an image optimization endpoint that unconditionally allows data protocol URLs, potentially leading to cross-site scripting attac...
PT-2025-47487
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
com.salesforce.perfeng.uiperf:ImageOptimization (=2.0.1), org.webjars:imagemin (>=0.4.6-1 <=3.1.0) +2 more potentially affected by CVE-2025-64718 via org.webjars:js-yaml (=3.0.2)
org.webjars:js-yaml MAVEN version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:js-yaml and may be impacted: - com.salesforce.perfeng.uiperf:ImageOptimization =2.0.1 - org.webjars:imagemin =0.4.6-1, =0.1.0-1, =4.0.0 -...
EUVD-2025-158261
The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...
PT-2025-45187
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...
CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing validation on a user...
CVE-2025-11519
The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...
EUVD-2019-0317
Malware in sbrugna...
EUVD-2021-11134
Malware in sbrugna...
Server-side Request Forgery
astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile'. An attacker can exploit this to have the...
EUVD-2022-6760
Malicious code in bioql PyPI...
EUVD-2023-12654
Malicious code in bioql PyPI...
EUVD-2024-3043
Malicious code in bioql PyPI...
EUVD-2025-26244
Malicious code in bioql PyPI...
EUVD-2025-28624
Malicious code in bioql PyPI...
EUVD-2025-25235
Malicious code in bioql PyPI...
EUVD-2022-34711
Malicious code in bioql PyPI...
EUVD-2022-15967
Malicious code in bioql PyPI...