4 matches found
EmbedPress < 3.9.13 - Contributor+ PDF Block Embedding
Description: The plugin is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks...
Arbitrary File Read
Overview: spatie/browsershot is a library for converting a webpage to an image or PDF using headless Chrome. Affected versions of this package are vulnerable to Arbitrary File Read. By specifying a URL with the file:// protocol, an attacker is able to include arbitrary files in the resultant PDF. Not...
Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image
Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in the OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems. Discovered by security researchers at Cisco Talos group, the zero-day...
Adobe Flash Player "Button" Remote Code Execution
No description provided by source. $Id: adobeflashplayerbutton.rb 10857 2010-11-01 22:34:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...