321 matches found
CVE-2025-60108
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...
CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...
CVE-2025-60108
CVE-2025-60108 (LambertGroup - AllInOne - Banner with Thumbnails) is a SQL Injection vulnerability in the WordPress plugin, allowing improper neutralization of input elements. Affected: LambertGroup - AllInOne - Banner with Thumbnails (up through version 3.8). Impact per CVSS: high confidentialit...
CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...
WordPress plugin LambertGroup - AllInOne - Banner with Thumbnails SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A SQL injection...
PT-2025-39555
Name of the Vulnerable Software and Affected Versions LambertGroup - AllInOne - Banner with Thumbnails versions through 3.8 Description A flaw exists in LambertGroup - AllInOne - Banner with Thumbnails that allows for Blind SQL Injection due to improper neutralization of special elements used in ...
Mattermost Server 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.4 / 10.10.x < 10.10.1 / 10.11.0 Path Traversal (MMSA-2025-00501)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00501 advisory. - Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload...
ruby-dragonfly
This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...
[SECURITY] Fedora 41 Update: exiv2-0.28.6-2.fc41
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...
[SECURITY] Fedora 42 Update: exiv2-0.28.6-2.fc42
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...
Linux Distros Unpatched Vulnerability : CVE-2024-53863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request...
CVE-2025-6465
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
GHSA-PJ6F-RC94-GW53 Mattermost Fails to Sanitize File Names
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465 Path traversal in image upload with preview overwrite
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465
Mattermost Server is affected by CVE-2025-6465 due to failure to sanitize file names in file streaming APIs, enabling path-traversal to overwrite attachment thumbnails by users with file upload permission. Affected versions include Mattermost Server 10.8.x up to 10.8.3, 10.5.x up to 10.5.8, 10.10...
CVE-2025-6465 Path traversal in image upload with preview overwrite
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
PT-2025-34258 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.10.x through 10.10.0 Mattermost versions 10.9.x through 10.9.3 Description: The application fails to sanitize file names, potentially...
Linux Distros Unpatched Vulnerability : CVE-2018-6053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing...