5 matches found
CVE-2024-43921
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS. This issue affects Magic Post Thumbnail: from n/a through 5.2.9...
CVE-2025-20891
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability...
PT-2024-22378 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin versions up to 20240315. Description: A critical issue was found in the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to...
PluXml Cross-Site Scripting Vulnerability
PluXml is a free and open source content management system that does not require a database to work. A security vulnerability exists in PluXml v5.8.7 that allows an attacker to execute arbitrary web script or HTML via a crafted payload in the content and thumbnail parameters...
UBUNTU-CVE-2017-1000600
WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...