5 matches found
CVE-2026-33738
Vulnerability summary (CVE-2026-33738): Lychee prior to version 7.5.3 is affected. The photo description field is stored without HTML sanitization and is rendered via unescaped Blade output ({!! $item->summary !!}) in the RSS, Atom, and JSON feed templates. The publicly accessible /feed endpo...
CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using {!! $item->summary !!} Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
WordPress Plugin Helpful Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including those of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a...
CVE-2019-1214
| creationtimestamp | type | source |
|---|---|---|
| 2019-09-11 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=419 |
| 2019-09-11 09:05:12+00:00 | seen | https://t.me/informationsecuritychannel/30889 |
| 2019-09-12 08:23:57+00:00 | seen | https://t.me/N0iSeBit/324 |
| 2021-11-08 08:58:19+00:00 |...