321 matches found

CNNVD
added 2023/10/18 12:0 a.m. · 5 views

WordPress Plugin Gallery - Image and Video Gallery with Thumbnails Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1 CVSS · 5.9 AI score · 0.00313 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/18 12:0 a.m. · 5 views

PT-2023-29610 · WordPress · Wpdevart Gallery – Image/Video Gallery With Thumbnails

Name of the Vulnerable Software and Affected Versions: wpdevart Gallery – Image and Video Gallery with Thumbnails plugin versions = 2.0.3 Description: The issue is related to an Unauth. Stored Cross-Site Scripting (XSS) vulnerability. This allows for the storage of malicious scripts that can be...

7.1 CVSS · 6 AI score · 0.00313 EPSS
Exploits: 0 · References: 6
NVD
added 2023/10/16 9:15 a.m. · 18 views

CVE-2023-45629

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions...

8.8 CVSS · 6.5 AI score · 0.00184 EPSS
Exploits: 0 · References: 1
OSV
added 2023/10/16 9:15 a.m. · 3 views

CVE-2023-45629

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions...

8.8 CVSS · 7.3 AI score · 0.00184 EPSS
Exploits: 0 · References: 1
Cvelist
added 2023/10/16 8:31 a.m. · 22 views

CVE-2023-45629 WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions...

5.4 CVSS · 9 AI score · 0.00184 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/10/16 12:0 a.m. · 4 views

WordPress Plugin Gallery - Image and Video Gallery with Thumbnails Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Gallery - Image and Video...

8.8 CVSS · 6.5 AI score · 0.00184 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/16 12:0 a.m. · 6 views

PT-2023-29609 · WordPress · Wpdevart Gallery – Image/Video Gallery With Thumbnails

Name of the Vulnerable Software and Affected Versions: wpdevart Gallery – Image and Video Gallery with Thumbnails plugin versions = 2.0.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing...

8.8 CVSS · 8.8 AI score · 0.00184 EPSS
Exploits: 0 · References: 4
CNNVD
added 2023/09/06 12:0 a.m. · 22 views

Snappy Code Issue Vulnerability

Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy is vulnerable to a code issue. An attacker can exploit this vulnerability to remotely execute code...

9.8 CVSS · 7.3 AI score · 0.01877 EPSS
Exploits: 1 · References: 4
OSV
added 2023/06/24 2:15 a.m. · 3 views

CVE-2023-1722

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

8.8 CVSS · 5.9 AI score · 0.00364 EPSS
Exploits: 1 · References: 2
Prion
added 2023/06/24 2:15 a.m. · 18 views

Authentication flaw

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

6.8 CVSS · 8.8 AI score · 0.00364 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Prion
added 2023/06/24 12:15 a.m. · 33 views

Authentication flaw

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

5.8 CVSS · 7.1 AI score · 0.0099 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/06/24 12:0 a.m. · 5 views

Yoga Class Registration System Code Issue Vulnerability

Yoga Class Registration System is a yoga class registration system. A file upload vulnerability exists in Yoga Class Registration System v1.0, which stems from the application's inability to properly validate class thumbnails uploaded by administrators, and can be exploited by an attacker with...

9.1 CVSS · 7.3 AI score · 0.0099 EPSS
Exploits: 1 · References: 3
Cvelist
added 2023/06/23 11:2 p.m. · 12 views

CVE-2023-1721 Yoga Class Registration System 1.0 - RCE

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

9.1 CVSS · 9.6 AI score · 0.0099 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/03/29 12:0 a.m. · 4 views

WordPress Plugin Gallery – Image and Video Gallery with Thumbnails Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1 CVSS · 6.8 AI score · 0.00422 EPSS
Exploits: 0 · References: 2
OSV
added 2023/03/15 5:22 p.m. · 3 views

DRUPAL-CONTRIB-2023-010

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image. This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to. This release was coordinated...

6.7 AI score
Exploits: 0 · References: 1
OSV
added 2023/03/15 4:21 p.m. · 1 views

DRUPAL-CORE-2023-002

The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...

6.8 AI score
Exploits: 0 · References: 1
Drupal
added 2023/03/15 12:0 a.m. · 21 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002

The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...

3.1 AI score
Exploits: 0 · References: 14
SUSE CVE
added 2023/02/15 3:38 a.m. · 4 views

SUSE CVE-2021-39184

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potential...

8.6 CVSS · 8.3 AI score · 0.01017 EPSS
Exploits: 0 · References: 3
OSV
added 2022/12/08 4:15 p.m. · 1 views

CVE-2022-39908

TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write...

7.4 CVSS · 5.8 AI score · 0.00071 EPSS
Exploits: 0 · References: 1
NVD
added 2022/12/08 4:15 p.m. · 11 views

CVE-2022-39908

TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write...

7.4 CVSS · 0.00071 EPSS
Exploits: 0 · References: 1