49882 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2026-47262

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...

6.5 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits: 0, References: 4

RedhatCVE
added 3 days ago, 5 views

CVE-2026-46680

A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes runAsNonRoot restrictio...

7.8 CVSS, 5.7 AI score, 0.00221 EPSS
Exploits: 1, References: 4

NVD
added 3 days ago, 6 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions...

8.5 CVSS, 0.0022 EPSS
Exploits: 0, References: 1

CVE
added 3 days ago, 10 views

CVE-2026-57756

CVE-2026-57756 affects the WordPress plugin nicen-localize-image

8.5 CVSS, 5.8 AI score, 0.0022 EPSS
Exploits: 0, References: 1

Cvelist
added 3 days ago, 36 views

CVE-2026-57756 WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability

Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions...

8.5 CVSS, 0.0022 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 3 days ago, 10 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions...

8.5 CVSS, 5.8 AI score, 0.0022 EPSS
Exploits: 0, References: 2

Nuclei
added 3 days ago, 49 views

WordPress Core 5.0.0 - Crop-image Shell Upload

WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. i...

6.5 CVSS, 7 AI score, 0.91985 EPSS
Exploits: 9, References: 5

NVD
added 3 days ago, 12 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1 CVSS, 0.00354 EPSS
Exploits: 0, References: 8

NVD
added 3 days ago, 9 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 0.00235 EPSS
Exploits: 0, References: 9

Cvelist
added 3 days ago, 37 views

CVE-2026-13704 GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequoia Form

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 0.00235 EPSS
Exploits: 0, References: 9

CVE
added 3 days ago, 14 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

6.4 CVSS, 5.9 AI score, 0.00235 EPSS
Exploits: 0, References: 9

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 5.9 AI score, 0.00235 EPSS
Exploits: 0, References: 10

EUVD
added 3 days ago, 7 views

EUVD-2026-41251

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introduction][image]' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 5.9 AI score, 0.00235 EPSS
Exploits: 0, References: 9

EUVD
added 3 days ago, 7 views

EUVD-2026-41247

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1 CVSS, 5.9 AI score, 0.00354 EPSS
Exploits: 0, References: 8

Cvelist
added 3 days ago, 36 views

CVE-2026-5821 Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1 CVSS, 0.00354 EPSS
Exploits: 0, References: 8

CVE
added 3 days ago, 16 views

CVE-2026-5821

The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...

8.1 CVSS, 5.9 AI score, 0.00354 EPSS
Exploits: 0, References: 8

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the Image_Backup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1 CVSS, 5.9 AI score, 0.00354 EPSS
Exploits: 0, References: 9

RedHat Linux
added 3 days ago, 5 views

Next.js: Next.js: Denial of Service via Image Optimization API

A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /_next/image endpoint...

7.5 CVSS, 5.9 AI score, 0.00657 EPSS
Exploits: 1, References: 5

RedHat Linux
added 3 days ago, 4 views

next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /_next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...

7.5 CVSS, 5.9 AI score, 0.00683 EPSS
Exploits: 0, References: 7

Positive Technologies
added 3 days ago, 9 views

PT-2026-55262

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...

9.8 CVSS, 6.4 AI score, 0.0086 EPSS
Exploits: 0, References: 9