Lucene search
K

49982 matches found

EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41426

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References4
CVE
CVE
added 6 days ago11 views

CVE-2026-59095

CVE-2026-59095 affects LobeChat prior to 2.2.10-canary.18. It is a server-side request forgery (SSRF) vulnerability where authenticated attackers can supply input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints that use the global fetch without the...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References7
NVD
NVD
added 6 days ago10 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS0.00708EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-50195

A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-47262

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-46680

A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes runAsNonRoot restrictio...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References4
NVD
NVD
added 6 days ago7 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-57756 WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-57756

CVE-2026-57756 affects the WordPress plugin nicen-localize-image

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago12 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago51 views

WordPress Core 5.0.0 - Crop-image Shell Upload

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. i...

6.5CVSS7AI score0.91985EPSS
Exploits9References5
NVD
NVD
added 6 days ago12 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
NVD
NVD
added 6 days ago9 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
CVE
CVE
added 6 days ago16 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41251

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-13704 GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequioa Form

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
Rows per page
Query Builder