Lucene search
K

321 matches found

OSV
OSV
added 2024/12/23 7:10 p.m.13 views

BIT-DISCOURSE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...

6.8CVSS6.6AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2024/12/19 8:15 p.m.21 views

CVE-2024-52794

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...

6.8CVSS0.00274EPSS
Exploits0References1
OSV
OSV
added 2024/12/19 7:12 p.m.3 views

CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...

6.8CVSS6.4AI score0.00274EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.5 views

PT-2024-35446 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version Description: Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. The issue is resolved in the latest version of Discourse...

6.8CVSS6.7AI score0.00274EPSS
Exploits0References6
NVD
NVD
added 2024/12/09 1:15 p.m.6 views

CVE-2023-49851

Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through 1.1.1...

5.3CVSS0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:30 a.m.10 views

CVE-2023-49851 WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through 1.1.1...

5.3CVSS5.3AI score0.00448EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:30 a.m.13 views

CVE-2023-49851 WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through 1.1.1...

5.3CVSS0.00448EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.5 views

WordPress plugin Square Thumbnails 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS8.7AI score0.00448EPSS
Exploits0References1
Snyk
Snyk
added 2024/12/03 6:44 p.m.1 views

Arbitrary File Upload

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Arbitrary File Upload due to the dynamicthumbnails option or processing a specially crafted request. An attacker can exploit this to execute arbitrary code or...

9.1CVSS7.8AI score0.00625EPSS
Exploits0References2
NVD
NVD
added 2024/12/03 5:15 p.m.26 views

CVE-2024-53863

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

9.1CVSS0.00625EPSS
Exploits0References1
OSV
OSV
added 2024/12/03 5:15 p.m.4 views

DEBIAN-CVE-2024-53863

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

9.1CVSS6.2AI score0.00625EPSS
Exploits0References1
OSV
OSV
added 2024/12/03 5:15 p.m.3 views

UBUNTU-CVE-2024-53863

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

9.1CVSS6.6AI score0.00625EPSS
Exploits0References5
OSV
OSV
added 2024/12/03 4:48 p.m.17 views

CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

8.2CVSS6.2AI score0.00625EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

Element Synapse 安全漏洞

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse, which stems from the fact that enabling the dynamicthumbnails option or processing ad-hoc requests may trigger decoding and thumbnail generation for...

9.1CVSS6.4AI score0.00625EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/11/14 12:18 a.m.3 views

SUSE CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS6.9AI score0.0033EPSS
Exploits0References3
NVD
NVD
added 2024/11/12 5:15 p.m.45 views

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/12 4:34 p.m.17 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS0.0033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/12 4:34 p.m.20 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS7.2AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 4:34 p.m.52 views

CVE-2024-51749

CVE-2024-51749 concerns the Element Matrix web client. The vulnerability affects Element Web and Desktop versions earlier than 1.11.85, where thumbnails for attachments, stickers, and images are not checked for coherence, allowing thumbnails to be added to events that can trigger a file download ...

3.5CVSS3.9AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 4:34 p.m.13 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS6.6AI score0.0033EPSS
Exploits0References4
Rows per page
Query Builder