Lucene search
K

155 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in web-pixels-extension (npm)

The package web-pixels-extension was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-38973 Malicious code in web-pixels-extension (npm)

The package web-pixels-extension was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/05 12:10 a.m.7 views

OSV-2025-600 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=436037111 Crash type: Heap-buffer-overflow READ 2 Crash state: genericunpack Imf34::ScanLineInputFile::Data::readPixels Imf34::InputFile::readPixels...

7AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/07/08 12:0 a.m.3 views

A Novel APVD Steganography Technique Incorporating Pseudorandom Pixel Selection for Robust Image Security

Steganography is the process of embedding secret information discreetly within a carrier, ensuring secure exchange of confidential data. The Adaptive Pixel Value Differencing APVD steganography method, while effective, encounters certain challenges like the "unused blocks" issue. This problem can...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.2 views

vLLM 安全漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A security vulnerability exists in vLLM versions prior to 0.7.0 through 0.9.0, which stems from the use of only raw pixel data without including metadata in the image hash method, which...

7.3CVSS6.3AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 2025/04/02 1:15 p.m.2 views

UBUNTU-CVE-2025-21989

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .istwopixelspercontainer Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .istwopixelspercontainer function in dce60tgfuncs, causes a NULL pointer dereference on...

5.5CVSS6.5AI score0.00174EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/04/02 12:53 p.m.1 views

CVE-2025-21989 drm/amd/display: fix missing .is_two_pixels_per_container

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .istwopixelspercontainer Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .istwopixelspercontainer function in dce60tgfuncs, causes a NULL pointer dereference on...

7.5AI score0.00174EPSS
Exploits0References3
OSV
OSV
added 2024/10/01 12:0 a.m.11 views

PUB-A-325927059

There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.2AI score0.00078EPSS
Exploits0References1
Amd
Amd
added 2024/08/13 12:0 a.m.53 views

Uninitialized GPU Register Access

AMD ID: AMD-SB-6013 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of a publicly available paper titled “Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs” which describes a technique for potentially leaking pixel data from GPU registers...

7.2AI score
Exploits0
NVD
NVD
added 2024/07/09 9:15 a.m.11 views

CVE-2024-5479

The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.2CVSS0.00425EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/09 8:33 a.m.20 views

CVE-2024-5479 Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting

The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.2CVSS0.00425EPSS
Exploits0References4
CVE
CVE
added 2024/07/09 8:33 a.m.47 views

CVE-2024-5479

CVE-2024-5479 concerns the Easy Pixels plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in plugin settings across all versions up to and including 2.13, caused by insufficient input sanitization and output escaping. It enables unauthenticated attackers to inject arbit...

7.2CVSS6.4AI score0.00425EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/09 8:3 a.m.4 views

WordPress Easy Pixels by JEVNET plugin <= 2.13 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Easy Pixels versions = 2.13...

7.2CVSS5.8AI score0.00425EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.7 views

WordPress Easy Pixels Plugin <= 2.13 is vulnerable to Cross Site Scripting (XSS)

Software Easy Pixels Type Plugin Vulnerable versions = 2.13 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5479 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4b79cc61de42 Credits Lucio Sá Required privile...

7.2CVSS5.7AI score0.00425EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.6 views

PT-2024-36419 · WordPress · Easy Pixels

Name of the Vulnerable Software and Affected Versions: Easy Pixels plugin for WordPress versions up to, and including, 2.13 Description: The issue is related to Stored Cross-Site Scripting via plugin settings due to insufficient input sanitization and output escaping. This allows unauthenticated...

7.2CVSS6.2AI score0.00425EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

WordPress plugin Easy Pixels security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS6AI score0.00425EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2024/04/18 2:45 p.m.19 views

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

The Federal Trade Commission FTC has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/04 4:21 p.m.23 views

Facebook introduces another way to track you &#8211; Link History

In what seems like yet another attempt to adapt its platform to prepare for new regulations, Facebook has started rolling out a new feature called Link History. Link History allows users to view and re-visit links they have visited with their Facebook browsing activity. Obviously Facebook will te...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.6 views

The vulnerability of the ff_hevc_put_hevc_qpel_pixels_8_sse function in the h.265 Libde265 implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ffhevcputhevcqpelpixels8sse function in the H.265 Libde265 video codec implementation is related to copying buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibili...

7.8CVSS7.1AI score0.00312EPSS
Exploits1References8Affected Software4
OSV
OSV
added 2023/03/01 3:15 p.m.1 views

DEBIAN-CVE-2023-24752

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ffhevcputhevcepelpixels8sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...

5.5CVSS6.1AI score0.00292EPSS
Exploits1References1
Rows per page
Query Builder