321 matches found
element-web -- several vulnerabilities
Element team reports: Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. A malicious homeserver can send invalid messages over...
Minor update for Vivaldi Desktop Browser 7.0
The following improvements were made since the initial 7.0 stable release: [Chromium] Upgraded to 130.0.6723.96 (CVE-2024-10487, CVE-2024-10488); [Crash] With Trash in Sessions Panel (VB-110788); [Feeds][macOS] Can't rename top-level feed (VB-110618); [Keyboard] Focus Next/Prev pane no longer...
PT-2024-38919 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.3.3; Concrete CMS versions below 8.5.19. Description: The issue concerns Stored XSS in the Image Editor Background Color, where a rogue admin could add malicious code to the Thumbnails/Add-Type. This could...
USN-6200-2 imagemagick vulnerabilities
USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem. Original advisory details: It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected...
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Responsive Image Gallery, Gallery Album (versions <= 2.0.3)...
CVE-2024-38312
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS 127...
The vulnerability of the Thumbnails component in the Redmine web application for managing projects and tasks allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Thumbnails component in the Redmine web application for managing projects and tasks exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
PT-2024-25815 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.48 ELTS; TYPO3 versions prior to 10.4.45 ELTS; TYPO3 versions prior to 11.5.37 LTS; TYPO3 versions prior to 12.4.15 LTS; TYPO3 versions prior to 13.1.1. Description: The ShowImageController (eID tx_cms_showpic) lacks a...
Quick Featured Images < 13.7.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting
Description: The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setthumbnail and deletethumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with...
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Responsive Image Gallery, Gallery Album (versions <= 2.0.3)...
BIT-REDMINE-2023-47260
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails...
CVE-2023-52219
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects Gecka Terms Thumbnails: from n/a through 1.1...
CVE-2023-52219 WordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects Gecka Terms Thumbnails: from n/a through 1.1...
CVE-2023-52219
CVE-2023-52219 is a PHP Object Injection vulnerability in the WordPress plugin Gecka Terms Thumbnails (
PT-2024-14483 · Unknown · Gecka Terms Thumbnails
Name of the Vulnerable Software and Affected Versions: Gecka Terms Thumbnails versions 1.1 and earlier. Description: The issue is related to the deserialization of untrusted data. This can potentially lead to security issues when untrusted data is processed by the application. Recommendations: For...
WordPress Plugin Gecka Terms Thumbnails Code Issue Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. WordPress Plugin Gecka Terms Thumbnails has...
WordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object Injection
Software: Gecka Terms Thumbnails; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52219; Patch priority: High; CVSS severity: High (9.9); PSID: 8f080ffeedc5; Credits: Rafie Muhammad (Patchstack); Required...
CVE-2023-44982
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina. This issue affects Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina: from n/a through 6.4.5...