155 matches found
Malicious code in web-pixels-extension (npm)
The package web-pixels-extension was found to contain malicious code...
MAL-2025-38973 Malicious code in web-pixels-extension (npm)
The package web-pixels-extension was found to contain malicious code...
OSV-2025-600 Heap-buffer-overflow in generic_unpack
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=436037111 Crash type: Heap-buffer-overflow READ 2 Crash state: generic_unpack Imf34::ScanLineInputFile::Data::readPixels Imf34::InputFile::readPixels...
A Novel APVD Steganography Technique Incorporating Pseudorandom Pixel Selection for Robust Image Security
Steganography is the process of embedding secret information discreetly within a carrier, ensuring secure exchange of confidential data. The Adaptive Pixel Value Differencing (APVD) steganography method, while effective, encounters certain challenges like the "unused blocks" issue. This problem can...
vLLM security vulnerability
vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A security vulnerability exists in vLLM versions prior to 0.7.0 through 0.9.0, which stems from the use of only raw pixel data without including metadata in the image hash method, which...
UBUNTU-CVE-2025-21989
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on...
CVE-2025-21989 drm/amd/display: fix missing .is_two_pixels_per_container
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on...
PUB-A-325927059
There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Uninitialized GPU Register Access
AMD ID: AMD-SB-6013. Potential Impact: Data Leakage. Severity: Medium. Summary: AMD is aware of a publicly available paper titled “Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs” which describes a technique for potentially leaking pixel data from GPU registers...
CVE-2024-5479
The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-5479 Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting
The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-5479
CVE-2024-5479 concerns the Easy Pixels plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in plugin settings across all versions up to and including 2.13, caused by insufficient input sanitization and output escaping. It enables unauthenticated attackers to inject arbit...
WordPress Easy Pixels by JEVNET plugin <= 2.13 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Easy Pixels versions <= 2.13...
WordPress Easy Pixels Plugin <= 2.13 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Pixels; Type: Plugin; Vulnerable versions: <= 2.13; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5479; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 4b79cc61de42; Credits: Lucio Sá; Required privile...
PT-2024-36419 · WordPress · Easy Pixels
Name of the Vulnerable Software and Affected Versions: Easy Pixels plugin for WordPress versions up to, and including, 2.13 Description: The issue is related to Stored Cross-Site Scripting via plugin settings due to insufficient input sanitization and output escaping. This allows unauthenticated...
WordPress plugin Easy Pixels security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
Facebook introduces another way to track you – Link History
In what seems like yet another attempt to adapt its platform to prepare for new regulations, Facebook has started rolling out a new feature called Link History. Link History allows users to view and re-visit links they have visited with their Facebook browsing activity. Obviously Facebook will te...
The vulnerability of the ff_hevc_put_hevc_qpel_pixels_8_sse function in the H.265 Libde265 implementation allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ff_hevc_put_hevc_qpel_pixels_8_sse function in the H.265 Libde265 video codec implementation is related to copying buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibili...
DEBIAN-CVE-2023-24752
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file...