Lucene search
+L

15 matches found

CVE
CVE
added 2026/07/02 5:35 a.m.21 views

CVE-2026-5821

The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-5821 Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-29201

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.0166EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS7.1AI score0.0166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/05/31 4:15 a.m.3 views

CVE-2023-1661

The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6.1AI score0.00368EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.7 views

SUSE CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS9.3AI score0.0166EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/02/14 12:0 a.m.16 views

Debian DSA-5075-1 : minetest - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5075 advisory. Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game...

9.8CVSS7.3AI score0.0166EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/02/02 6:15 a.m.8 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS7.4AI score0.0166EPSS
Exploits0References5
Prion
Prion
added 2022/02/02 6:15 a.m.11 views

Design/Logic Flaw

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

7.5CVSS9.6AI score0.0166EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2022/02/02 6:15 a.m.16 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS7.3AI score0.0166EPSS
Exploits0References6
OSV
OSV
added 2022/02/02 6:15 a.m.9 views

UBUNTU-CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS5.9AI score0.0166EPSS
Exploits0References7
CVE
CVE
added 2022/02/02 6:1 a.m.68 views

CVE-2022-24300

CVE-2022-24300 affects Minetest, where versions before 5.4.0 are vulnerable to an ItemStack meta injection flaw: attackers can add/modify arbitrary meta fields in the same item stack via saved user input. The OSV entry confirms the issue. Debian advisory DSA-5075-1 notes the vulnerabilities were ...

9.8CVSS9.5AI score0.0166EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/02/02 6:1 a.m.26 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.9AI score0.0166EPSS
Exploits0References4
OSV
OSV
added 2022/02/02 6:1 a.m.15 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS7.2AI score0.0166EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/03/08 12:0 a.m.5 views

PT-2022-16591 · Minetest +1 · Minetest +1

Name of the Vulnerable Software and Affected Versions: Minetest versions prior to 5.4.0 Description: The issue allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, also known as ItemStack meta injection. Recommendations: For versions prior to 5.4.0,...

10CVSS8AI score0.02195EPSS
Exploits0References26
Rows per page
Query Builder