Lucene search
K

457 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in imagemagick

ImageMagick 7.0.10-34 allows division by zero in the OptimizeLayerFrames function in MagickCore/layer.c, which may lead to a denial of service...

4.3CVSS6.7AI score0.01491EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/18 8:49 a.m.11 views

WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions = 1.10.2...

8.8CVSS5.5AI score0.00577EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/13 3:16 a.m.10 views

CVE-2026-12089

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS0.00336EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/13 2:29 a.m.7 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 2:29 a.m.13 views

EUVD-2026-36635

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2026/06/13 2:29 a.m.24 views

CVE-2026-12089

The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.15 views

PT-2026-49072

Name of the Vulnerable Software and Affected Versions LWS Optimize – All-in-One Speed Booster & Cache Tools versions prior to 3.3.20 Description The plugin is subject to an arbitrary file read issue. This occurs because the combine current css function trusts values harvested from page HTML and...

4.9CVSS5.4AI score0.00336EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/12 2:6 p.m.5 views

WordPress LWS Optimize – All-in-One Speed Booster & Cache Tools plugin <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read vulnerability

Authenticated Editor+ Arbitrary File Read vulnerability discovered by Omar Elshopky in WordPress Plugin LWS Optimize versions = 3.3.19...

4.9CVSS5.2AI score0.00336EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/14 7:25 p.m.9 views

MAL-2026-3774 Malicious code in ts-build-optimize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, extends, assign, and a...

6.1AI score
Exploits0References5
OSV
OSV
added 2026/05/07 4:17 p.m.11 views

JLSEC-2026-463 Mbed TLS timing side channel in RSA and CBC/ECB decryption

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.8AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 4:27 a.m.10 views

CVE-2026-7252

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/07 4:27 a.m.23 views

EUVD-2026-28323

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References9
CVE
CVE
added 2026/05/07 4:27 a.m.22 views

CVE-2026-7252

CVE-2026-7252 concerns the WP-Optimize plugin for WordPress (versions up to 4.5.2). A vulnerability in the unscheduled_original_file_deletion function allows an authenticated attacker with author-level access to delete arbitrary files on the server (e.g., wp-config.php) due to insufficient file p...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38342

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled original file deletion function in all versions up to, and including, 4.5.2...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

WordPress plugin WP-Optimize 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS6.2AI score0.0095EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 1:24 a.m.4 views

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS5.9AI score0.00427EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/10 1:24 a.m.3 views

CVE-2026-2712 WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS5.8AI score0.00427EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 1:24 a.m.8 views

EUVD-2026-21254

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

5.4CVSS5.9AI score0.00427EPSS
Exploits0References5
CVE
CVE
added 2026/04/10 1:24 a.m.20 views

CVE-2026-2712

The connected document identifies CVE-2026-2712-related risk in WordPress WP-Optimize plugin, specifically versions &lt;= 4.5.0. The vulnerability is described as Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation, meaning an authenticated user with...

5.4CVSS5.9AI score0.00427EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

WordPress plugin WP-Optimize 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00427EPSS
Exploits0References5
Rows per page
Query Builder