55 matches found
Exploit for CVE-2026-3844
CVE-2026-3844 Breeze Cache ≤ 2.4.4 - Unauthenticated Arbitrary...
CVE-2026-5217
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
WordPress Optimole plugin <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Optimole versions = 4.2.2...
EUVD-2026-21662
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
CVE-2026-5217 Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
CVE-2026-5217 Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
CVE-2026-5217
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
CVE-2026-5217
The CVE covers the WordPress plugin Optimole (versions up to 4.2.2). It is vulnerable to an unauthenticated stored XSS via the srcset descriptor parameter (s) in the REST endpoint /wp-json/optimole/v1/optimizations. Root cause: insufficient input sanitization and output escaping, where sanitize_t...
PT-2026-32091
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...
EUVD-2024-45501
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-8372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a...
Linux Distros Unpatched Vulnerability : CVE-2024-8373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can...
CVE-2024-51702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through = 1.4...
Security update for wget
This update for wget fixes the following issues: CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...
SUSE-SU-2025:20010-1 Security update for wget
This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 - Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...
CVE-2024-51702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through = 1.4...
CVE-2024-51702 WordPress SrcSet Responsive Images for WordPress plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through = 1.4...
CVE-2024-51702 WordPress SrcSet Responsive Images for WordPress plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through = 1.4...
CVE-2024-51702
CVE-2024-51702: SrcSet Responsive Images for WordPress is affected by a Reflected XSS (Improp er Neutralization of Input During Web Page Generation) in the plugin’s input handling. Affected version: SrcSet Responsive Images for WordPress up to 1.4. Exploitation details and remediation/version fix...
PT-2024-34849 · WordPress · Srcset Responsive Images
Name of the Vulnerable Software and Affected Versions: SrcSet Responsive Images for WordPress versions 1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...