25 matches found
CVE-2026-7252
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2026-7252
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2026-7252
CVE-2026-7252 concerns the WP-Optimize plugin for WordPress (versions up to 4.5.2). A vulnerability in the unscheduled_original_file_deletion function allows an authenticated attacker with author-level access to delete arbitrary files on the server (e.g., wp-config.php) due to insufficient file p...
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
PT-2026-38342
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled original file deletion function in all versions up to, and including, 4.5.2...
PT-2024-24343 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0 Description: The issue concerns the scrape image function, which retrieves an image based on a user-provided URL without validating if the URL points to an external location and lacks enforced rate limiting. The...
Cisco Modeling Labs 2.1.1-b19 Remote Command Execution
Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
openSUSE Security Update : python-python-gnupg (openSUSE-2019-478)
This update for python-python-gnupg to version 0.4.3 fixes the following issues : The following security vulnerabilities were addressed : - Sanitize diagnostic output of the original file name in verbose mode CVE-2018-12020 boo1096745 The following other changes were made : - Add --no-verbose to...
[SECURITY] Fedora 27 Update: patch-2.7.6-5.fc27
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CentOS 7 : patch (CESA-2018:1200)
An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
[SECURITY] Fedora 27 Update: patch-2.7.6-4.fc27
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
[SECURITY] Fedora 27 Update: patch-2.7.6-3.fc27
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
OMERO Elevation of Privilege Vulnerability
OMERO is an open source image management viewing application. A security vulnerability exists in OMERO 5.3.3 and earlier versions. An attacker can exploit the vulnerability by creating an OriginalFile and adjusting its path to manipulate other users' data...
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
Source: https://code.google.com/p/google-security-research/issues/detail?id=465 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 ...
Microsoft Office 2007 - 'wwlib.dll' fcPlcfFldMom Uninitialized Heap Usage
Source: https://code.google.com/p/google-security-research/issues/detail?id=424&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office...