63 matches found

OSSF Malicious Packages
added 2025/05/15 3:46 a.m., 2 views

Malicious code in nayan-imgur-upload-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83086119743263f9bdf6c297c723c4435596eb345ae1346780b6cb9c49e0e597 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2025/05/15 3:46 a.m., 9 views

MAL-2025-3843 Malicious code in nayan-imgur-upload-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83086119743263f9bdf6c297c723c4435596eb345ae1346780b6cb9c49e0e597 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
The Hacker News
added 2025/03/03 1:56 p.m., 11 views

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

The U.K.'s Information Commissioner's Office ICO has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned...

6.9 AI score
Exploits 0
OSV
added 2024/12/13 3:25 a.m., 3 views

MAL-2024-11829 Malicious code in imgur-uploader-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e12db7b7de507126d4fa046e84a7acb1e502c87e639c69d90159cd396bed2b84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2024/12/13 3:25 a.m., 2 views

Malicious code in imgur-uploader-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e12db7b7de507126d4fa046e84a7acb1e502c87e639c69d90159cd396bed2b84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2024/12/12 5:28 a.m., 2 views

Malicious code in nayan-imgur-upload-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b98ebdb98b3110329cb9db3c496ef6fa0d0f21bcf8ec8302746d6f47b0cf884 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2024/12/12 5:28 a.m., 4 views

MAL-2024-11808 Malicious code in nayan-imgur-upload-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b98ebdb98b3110329cb9db3c496ef6fa0d0f21bcf8ec8302746d6f47b0cf884 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2024/11/29 3:37 a.m., 2 views

Malicious code in imgur-upload-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70fc21112f21105a413aa69a8b3e3f21c53895809a2f5fd20cdbf6dd16baadfc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2024/11/29 3:37 a.m., 2 views

MAL-2024-11144 Malicious code in imgur-upload-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70fc21112f21105a413aa69a8b3e3f21c53895809a2f5fd20cdbf6dd16baadfc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
NVD
added 2022/04/11 9:15 p.m., 10 views

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3 CVSS, 0.00314 EPSS
Exploits 0, References 3
Hacker One
added 2022/03/31 9:52 p.m., 191 views

Imgur: 8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover

Hello Gents, + While testing Imgur I found an unclaimed subdomain which is; “8ybhy85kld9zp9xf84x6.imgur.com”, and I was able to claim it! + But actually I didn't upload or host a simple file like mrbaka.html, because I need to upgrade the account to be able to use this custom domain! + Anyway, yo...

0.2 AI score
Exploits 0
Hacker One
added 2021/11/28 2:29 p.m., 737 views

Imgur: No length on password

Hey, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behal...

7.7 AI score
Exploits 0
0day.today
added 2021/05/05 12:0 a.m., 41 views

Xmind 2020 - XSS to Remote Command Execution Vulnerability

Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and brainstorming tool,...

0.4 AI score
Exploits 0
0day.today
added 2021/03/09 12:0 a.m., 95 views

Froala 3.2.6-1 Cross Site Scripting Vulnerability

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...

7.4 AI score
Exploits 0
Hacker One
added 2020/12/14 11:41 a.m., 13 views

Imgur: xss reflected on imgur.com

Steps to reproduce : - i log in to my account and navigate to see other profile - i intercept the request then click Give Emerald F1115658 Request look like : POST /account/v1/gifting/purchase?clientid=546c25a59c58ad7 HTTP/1.1 Host: api.imgur.com User-Agent: Mozilla/5.0 X11; Linux x8664; rv:83.0...

7 AI score
Exploits 0
Hacker One
added 2020/11/07 2:41 p.m., 46 views

Imgur: Bypass subscription

Hello team! You can bypass avatar subscriptions. Thus, without connecting a subscription - it's free. A list of all avatars is available at the address below, with a GET request: :method: GET :authority: api.imgur.com :scheme: https :path: /account/v1/accounts/me/avatars?clientid=YOU CLIENT ID...

6.7 AI score
Exploits 0
Github Security Blog
added 2020/09/03 9:4 p.m., 28 views

Malicious Package in pizza-pasta

Version 1.0.3 of pizza-pasta contains malicious code as an install script. The package created folders in the system's Desktop and downloaded an image from imgur.com. The package also printed the user's SSH keys to the console. Recommendation: Remove the package from your environment. There are no...

4.5 AI score
Exploits 0, References 2, Affected Software 1
Hacker One
added 2020/07/26 12:51 a.m., 45 views

Imgur: Stored XSS in Post title (PoC)

Hello, Stored XSS in Post title, example: https://imgur.com/gallery/Y5JUzv3, Thanks Impact steal cookies and session...

6.2 AI score
Exploits 0
Hacker One
added 2020/06/05 5:27 p.m., 84 views

Imgur: self-xss with ClickJacking can leads to account takeover in Firefox

Description Hi, i think i found a valid chaining issues here ClickJacking issue I discovered that have some endpoints that permits to frame imgur.com with some limitations, but even in this case, it is possible to carry out a proof of concept. One of the cases is in the /all/ directory of...

6 AI score
Exploits 0
Hacker One
added 2020/04/09 8:17 p.m., 242 views

Imgur: Sourcemaps and Unminified Source Code Exposed on Pages

Hello, I'm not sure if this was actually meant to be made public on purpose, but I was looking through some of the sources that were loaded and found out the following: https://imgur.com/ - See ██████ s.imgur.com - desktop-assets - js contains multiple minified JS files as one would usually expec...

7.1 AI score
Exploits 0