15 matches found
CVE-2026-5821
The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...
CVE-2026-5821 Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
EUVD-2022-29201
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-24300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
CVE-2023-1661
The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
SUSE CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
Debian DSA-5075-1 : minetest - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5075 advisory. Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game...
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
Design/Logic Flaw
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
UBUNTU-CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
CVE-2022-24300
CVE-2022-24300 affects Minetest, where versions before 5.4.0 are vulnerable to an ItemStack meta injection flaw: attackers can add/modify arbitrary meta fields in the same item stack via saved user input. The OSV entry confirms the issue. Debian advisory DSA-5075-1 notes the vulnerabilities were ...
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
PT-2022-16591 · Minetest +1 · Minetest +1
Name of the Vulnerable Software and Affected Versions: Minetest versions prior to 5.4.0 Description: The issue allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, also known as ItemStack meta injection. Recommendations: For versions prior to 5.4.0,...