22 matches found

NVD
added 2 days ago, 7 views

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

CVSS 6.5, EPSS 0.00017
Exploits: 0, References: 2
ATTACKERKB
added 2 days ago, 5 views

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3
Vulnrichment
added 2 days ago, 2 views

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2
OSV
added 2026/01/02 3:15 p.m., 0 views

CVE-2025-15438

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

CVSS 7.2, AI score 5.6
Exploits: 0, References: 4
Vulnrichment
added 2026/01/02 2:32 p.m., 1 views

CVE-2025-15438 PluXml Media Management medias.php __destruct deserialization

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

CVSS 5.8, AI score 4.7, EPSS 0.00078
Exploits: 1, References: 4
CVE
added 2026/01/02 2:32 p.m., 4 views

CVE-2025-15438

CVE-2025-15438 affects PluXml up to version 5.8.22, targeting the Media Management Module’s file medias.php, specifically the FileCookieJar::__destruct function. A crafted manipulation of the File argument can trigger deserialization, enabling a remote, unauthenticated attack. Public exploit deta...

CVSS 7.2, AI score 4.7, EPSS 0.00078
Exploits: 1, References: 4, Affected Software: 1
OSSF Malicious Packages
added 2025/10/22 2:5 a.m., 3 views

Malicious code in react-medias (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b5575c56531df502495b31c4b90170d35d991772b25b712d15dc9fdac0e33df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 4
EUVD
added 2025/10/22 2:5 a.m., 1 views

EUVD-2025-35308

Malicious code in react-medias npm...

AI score 6.6
Exploits: 0, References: 1
Snyk
added 2025/10/22 2:5 a.m., 0 views

Malicious Package

Overview react-medias is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
OSV
added 2025/10/22 2:5 a.m., 1 views

MAL-2025-48551 Malicious code in react-medias (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b5575c56531df502495b31c4b90170d35d991772b25b712d15dc9fdac0e33df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 4
Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored cross-site scripting XSS vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTM...

CVSS 5.4, AI score 5.7, EPSS 0.00206
Exploits: 1, References: 2
Openbugbounty
added 2024/04/11 4:16 p.m., 6 views

medias-presse.com Cross Site Scripting vulnerability OBB-3917020

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2024/04/11 12:9 p.m., 3 views

medias-reiseservice.de Cross Site Scripting vulnerability OBB-3915948

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
ATTACKERKB
added 2022/02/15 4:15 p.m., 2 views

CVE-2022-24587

A stored cross-site scripting XSS vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...

CVSS 5.4, AI score 6.1, EPSS 0.00206
Exploits: 1, References: 3
CNNVD
added 2021/09/01 12:0 a.m., 1 views

Compro Technology Camera security vulnerability

Compro Technology Camera is a camera from Compro Technology China. A security vulnerability exists on the comppro IP70 2.08 7130218, IP570 2.08 7130520, IP60, and TN540 devices that originates from rstp://... /medias2 No license required...

CVSS 7.5, AI score 7.3, EPSS 0.40065
Exploits: 3, References: 4
CNVD
added 2020/11/11 12:0 a.m., 1 views

SAP Commerce Cloud Information Disclosure Vulnerability

SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. An information disclosure vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker can bypass existing authentication and permission checks via the '/medias' endpoint, which...

CVSS 5.3, AI score 6.4, EPSS 0.00262
Exploits: 1, References: 1
OSV
added 2020/11/10 5:15 p.m., 0 views

CVE-2020-26809

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 4
Prion
added 2020/11/10 5:15 p.m., 19 views

Design/Logic Flaw

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

CVSS 5, AI score 5.3, EPSS 0.00262
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2019/12/17 5:15 a.m., 1 views

UBUNTU-CVE-2019-19830

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

CVSS 6.5, AI score 7.3, EPSS 0.00544
Exploits: 0, References: 7
CNVD
added 2019/12/17 12:0 a.m., 1 views

SPIP content injection vulnerability

SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. A security vulnerability exists in core/plugins/medias in version 3.2.x prior to SPIP 3.2.7. A remote attacker could exploit the vulnerability to inject content into the database...

CVSS 6.5, AI score 8.8, EPSS 0.00544
Exploits: 0, References: 1