WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload

The Frontend File Manager plugin 4.0 and N-Media Post Front-end Form plugin 1.1 for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution. id:...

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

CVE-2026-10645

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...

WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability

Unauthenticated Post-Meta Write via stmajaxaddacarmedia vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

python311-3.11.15-6.1 on GA media (moderate)

python311-3.11.15-6.1 on GA media Announcement ID: openSUSE-SU-2026:11068-1 Rating: moderate Cross-References: CVE-2026-1502 CVE-2026-3446 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 CVSS scores: CVE-2026-1502 SUSE : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2026-1502 SUSE : 5.7...

CVE-2026-56081

creationtimestamp| type| source ---|---|--- 2026-06-19 23:19:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mooi4ovvat2e 2026-06-20 01:01:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moonslcm672y 2026-06-20 01:30:27+00:00| seen|...

CVE-2026-56211

creationtimestamp| type| source ---|---|--- 2026-06-19 17:49:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3monvpu3zau2k...

Chromium: CVE-2026-12462 Use after free in Media

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow vulnerability in Google Chrome’s Media component on Linux, prior to version 88.0.4324.182, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: A possible memory leak has been fixed in the allocatebuffersinternal function. The buffer within the loop should be released under the exception path; otherwise, a memory leak may occur. To mitigate...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: mt9m114: Fixed deadlock in getframeinterval/ and setframeinterval The process of getting and setting the frame interval using V4L2 subdev operations causes a deadlock. This occurs because the subdev state is locked at 1, a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: mediatek: vcodec: fix decoder disable PM crash It is not possible to call pmruntimedisable when the architecture supports a sub-device for “dev-pm.dev” is NUll, or it may cause a crash log. 10.771551 pc :...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: Initialize the MAC header offset in qmimuxrxfixup Raw IP packets do not have a MAC header, resulting in skb-macheader being uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems...

CVE-2026-12462

An use after free flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517916024...