29 matches found
RHCOS 4 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory CVE-2020-1702 - proglottis/gpgme: Use-after-free in GPGM...
EUVD-2017-6309
Malware in sbrugna...
EUVD-2024-29004
Malicious code in bioql PyPI...
EUVD-2021-33321
Malicious code in bioql PyPI...
CVE-2025-58255
Cross-Site Request Forgery CSRF vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through = 0.5...
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…...
Exploit for CVE-2025-8889
Exploit Title: WordPress Compress Then Upload Plugin 1.0.3 Arb...
CVE-2024-5945
The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.3 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have permissio...
CVE-2022-48161
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request...
CVE-2020-35187
The official telegraf docker images before 1.9.4-alpine Alpine specific contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2024-31093
Cross-Site Request Forgery CSRF vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting XSS.This issue affects Broken Images: from n/a through 0.2...
08cms (=1.0.0), @artdotstyle/filepix (>=1.0.10 <=1.0.11) +427 more potentially affected by CVE-2024-21523 via images (>=2.0.2 <=3.2.4)
images NPM version =2.0.2, =1.0.10, =1.1.2, =0.0.1, =0.1.0, =1.0.1, =1.4.0, =1.1.2, =1.1.8, =0.4.0, =0.6.2 and more Source cves: CVE-2024-21523 Source advisory: OSV:GHSA-VJPV-X8P9-7P85...
08cms (=1.0.0), @artdotstyle/filepix (>=1.0.10 <=1.0.11) +427 more potentially affected by CVE-2024-21523 via images (>=2.0.2 <=3.2.4)
images NPM version =2.0.2, =1.0.10, =1.1.2, =0.0.1, =0.1.0, =1.0.1, =1.4.0, =1.1.2, =1.1.8, =0.4.0, =0.6.2 and more Source cves: CVE-2024-21523 Source advisory: SNYK:JS-IMAGES-6421826...
PYSEC-2023-311
plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...
CVE-2021-46617
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Security Bulletin: Images built from IBM App Connect Enterprise Certified Container images may be vulnerable to information exposure via CVE-2020-15095
Summary Images built from the App Connect Enterprise Certified Container images that perform an npm install may leak information through their logs when installing from a non-default location using basic auth credentials due to CVE-2020-15095. Vulnerability Details Third Party Entry: 184666...
About the security content of watchOS 7.0
About the security content of watchOS 7.0 This document describes the security content of watchOS 7.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2020-5313
An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read...