54 matches found

Nuclei
added yesterday, 14 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contain an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains. Exploitation requires an on-demand rendering deployment. id:...

CVSS 6.9 | AI score 5.9 | EPSS 0.00599
Exploits: 1 | References: 2

Nuclei
added yesterday, 18 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

CVSS 5.3 | AI score 6 | EPSS 0.01158
Exploits: 1 | References: 3

ATTACKERKB
added 2026/06/19 3:41 a.m., 7 views

CVE-2026-10779

The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...

CVSS 4.3 | AI score 5.4 | EPSS 0.00213
Exploits: 0 | References: 9

EUVD
added 2026/05/26 4:2 p.m., 12 views

EUVD-2026-31852

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

CVSS 5.3 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 1

EUVD
added 2026/04/16 12:54 a.m., 5 views

EUVD-2026-23126

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVSS 9.1 | AI score 5.7 | EPSS 0.00357
Exploits: 0 | References: 3

NVD
added 2026/04/15 10:17 p.m., 11 views

CVE-2026-6388

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVSS 9.1 | EPSS 0.00357
Exploits: 0 | References: 3

Cvelist
added 2026/04/15 9:34 p.m., 18 views

CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVSS 9.1 | EPSS 0.00357
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/05 10:55 a.m., 5 views

CVE-2026-2826

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

CVSS 4.3 | AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/05 9:13 a.m., 3 views

CVE-2026-1271

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

CVSS 5.3 | AI score 5.4 | EPSS 0.00315
Exploits: 0 | References: 7

Positive Technologies
added 2026/02/05 12:0 a.m., 4 views

PT-2026-6034

Name of the Vulnerable Software and Affected Versions: ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2. Description: The ProfileGrid plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to the update user meta...

CVSS 5.3 | AI score 5.4 | EPSS 0.00315
Exploits: 0 | References: 11

CNNVD
added 2025/12/15 12:0 a.m., 3 views

WordPress plugin Image Gallery – Photo Grid & Video Gallery security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security vulnerability exists in...

CVSS 4.3 | AI score 6.4 | EPSS 0.00231
Exploits: 0 | References: 3

EUVD
added 2025/11/15 6:30 a.m., 6 views

EUVD-2025-197683

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

CVSS 4.3 | AI score 5 | EPSS 0.00195
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-15414

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00465
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-15420

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00521
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-15412

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00436
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-35974

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00807
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-46850

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00334
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-32161

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00609
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-51931

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.6 | EPSS 0.0053
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 8:4 a.m., 9 views

CVE-2024-3581

The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...

CVSS 4.3 | AI score 6.7 | EPSS 0.00609
Exploits: 0 | References: 1