Lucene search
+L

469 matches found

Nuclei
Nuclei
added yesterday61 views

BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion

The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load Timthumb = 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...

7.5CVSS7.4AI score0.03399EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 2:23 p.m.3 views

OPENSUSE-SU-2026:21242-1 Security update for assimp

This update for assimp fixes the following issues - CVE-2025-11277: large mWidth and mHeight dimensions can lead to integer overflow and a heap-based buffer overflow bsc1251019. - CVE-2026-10197: NULL pointer dereference in ImportEmbeddedTextures when mimeType lacks '/' bsc1266996. -...

7.8CVSS6.5AI score0.00222EPSS
Exploits1References10
NVD
NVD
added 2026/06/15 2:16 p.m.14 views

CVE-2016-20074

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.34 views

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS0.00106EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.10 views

EUVD-2016-10886

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.9 views

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 p.m.18 views

CVE-2016-20074

CVE-2016-20074 affects WordPress the Lazy Content Slider Plugin version 3.4. The issue is a CSRF that lets an attacker trick authenticated admins into submitting POST requests to lzcs_admin.php to alter plugin settings such as lzcs_color and lzcs_count. The vulnerability arises from insufficient ...

5.3CVSS5.2AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49212

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:26 p.m.9 views

OESA-2026-2647 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

4.8CVSS4.1AI score0.00118EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2646 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

4.8CVSS4.8AI score0.00118EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/11 11:24 a.m.13 views

WordPress Lazy Blocks plugin < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML vulnerability

Admin+ Stored XSS via Custom Block Frontend HTML vulnerability discovered by Luca Jungnickel in WordPress Plugin Lazy Blocks versions 4.3.0...

3.5CVSS5.4AI score0.00138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 6:0 a.m.42 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 6:0 a.m.31 views

CVE-2026-8981

The CVE describes a vulnerability in the WordPress plugin Custom Block Builder (Lazy Blocks) prior to version 4.3.0 . The issue arises because the plugin does not consistently check the unfiltered_html capability across all code paths that write to its block template fields, enabling an administr...

3.5CVSS5.7AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6427

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS5.5AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/05/31 11:16 p.m.9 views

DEBIAN-CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/31 10:30 p.m.10 views

CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References9
CVE
CVE
added 2026/05/31 10:30 p.m.61 views

CVE-2026-10199

CVE-2026-10199 affects Assimp up to 6.0.4 in glTF2Asset.h: the glTF2::LazyDict function exposed by operator[] manipulation can cause a null pointer dereference. The issue is exploitable locally, with a proof-of-concept in the public domain. A patch is available (patch hash d24b85319bd70c65883a2b9...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/28 6:45 a.m.17 views

EUVD-2026-32733

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS5.8AI score0.00291EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.11 views

CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS5.8AI score0.00291EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin a3 Lazy Load 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

6.4CVSS5.7AI score0.00291EPSS
Exploits0References8
Rows per page
Query Builder