BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion

The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load Timthumb = 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fixed the flushtlbrange function when it is used to zap normal PMD entries PMD entries that point to page tables, along with the PTE entries in the pointed-to page table. In the arm64 version of flushtlbrange, there is a...

CVE-2016-20074

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

EUVD-2016-10886

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

CVE-2016-20074

CVE-2016-20074 affects WordPress the Lazy Content Slider Plugin version 3.4. The issue is a CSRF that lets an attacker trick authenticated admins into submitting POST requests to lzcs_admin.php to alter plugin settings such as lzcs_color and lzcs_count. The vulnerability arises from insufficient ...

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

PT-2026-49212

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs...

OESA-2026-2647 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

OESA-2026-2646 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

WordPress Lazy Blocks plugin < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML vulnerability

Admin+ Stored XSS via Custom Block Frontend HTML vulnerability discovered by Luca Jungnickel in WordPress Plugin Lazy Blocks versions 4.3.0...

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

CVE-2026-8981

The CVE describes a vulnerability in the WordPress plugin Custom Block Builder (Lazy Blocks) prior to version 4.3.0 . The issue arises because the plugin does not consistently check the unfiltered_html capability across all code paths that write to its block template fields, enabling an administr...

CVE-2026-6427

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

DEBIAN-CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

CVE-2026-10199

CVE-2026-10199 affects Assimp up to 6.0.4 in glTF2Asset.h: the glTF2::LazyDict function exposed by operator[] manipulation can cause a null pointer dereference. The issue is exploitable locally, with a proof-of-concept in the public domain. A patch is available (patch hash d24b85319bd70c65883a2b9...

CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

EUVD-2026-32733

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...