4746 matches found
CVE-2025-12190
CVE-2025-12190 affects the WordPress plugin Image Optimizer by wps.sk (versions ≤ 1.2.0) with CSRF due to missing nonce validation in imagopby_ajax_optimize_gallery(). Multiple connected sources confirm the CSRF flaw and impacted plugin/version; however, no patch/version remediation is detailed i...
CVE-2025-12190 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...
EUVD-2025-201366
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...
CVE-2025-12190 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...
WordPress plugin Image Optimizer by wps.sk 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
PT-2025-49208
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby ajax optimize gallery function. This makes it possible for unauthenticated attackers to...
Linux Distros Unpatched Vulnerability : CVE-2022-21638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily...
RLSA-2025:16046 Moderate: mysql:8.4 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: mysqldump unspecified vulnerability CPU Apr 2025 CVE-2025-30722 mysql: Optimizer unspecified vulnerability CPU Apr 2025...
RLSA-2025:16861 Moderate: mysql:8.0 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: mysqldump unspecified vulnerability CPU Apr 2025 CVE-2025-30722 mysql: Optimizer unspecified vulnerability CPU Apr 2025...
mysql:8.0 security update
An update is available for mecab-ipadic, mecab, module.mecab, module.mysql, mysql, module.mecab-ipadic. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is ...
Linux Distros Unpatched Vulnerability : CVE-2025-53040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and...
Linux Distros Unpatched Vulnerability : CVE-2025-53067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=1.12.0 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/optimizer (=1.0.4)
@asyncapi/optimizer NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/optimizer and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =1.12.0, =1.4.14, =1.4.48 -...
MAL-2025-190663 Malicious code in @asyncapi/optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886928a124b656faf40d1490a3b484cf0aa717d98fa9f5cd6de025e1874183e5 The package @asyncapi/optimizer was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198690
Malicious code in @asyncapi/optimizer npm...
Malicious code in @asyncapi/optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886928a124b656faf40d1490a3b484cf0aa717d98fa9f5cd6de025e1874183e5 The package @asyncapi/optimizer was found to contain malicious code. Source: ghsa-malware...
CVE-2025-12015
The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...
CVE-2025-12015
The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...
CVE-2025-12015 Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Afosto Disconnect
The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...
CVE-2025-10714
AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights...