45 matches found
CVE-2025-61928
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...
CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...
PT-2025-41497
Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to 1.3.26 Description: Better Auth is an authentication and authorization library for TypeScript. A critical authentication bypass allows unauthenticated attackers to create or modify API keys for any user. This is...
EUVD-2017-6698
Malware in sbrugna...
EUVD-2017-5165
Malware in sbrugna...
CVE-2024-13549
The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-2215 · WordPress · Bootstrap Blocks
Name of the Vulnerable Software and Affected Versions: All Bootstrap Blocks plugin for WordPress versions up to and including 1.3.26 Description: The issue is related to Stored Cross-Site Scripting via the Accordion widget due to insufficient input sanitization and output escaping. This allows...
WordPress plugin All Bootstrap Blocks cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2023-45056
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <= 1.3.26 versions...
WordPress Open User Map | Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS)
Software: Open User Map | Everybody can add locations; Type: Plugin; Vulnerable versions: <= 1.3.26; Fixed in: 1.3.27; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45056; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: b19299929197...
Ez Systems eZ Platform security vulnerability
Ez Systems eZ Platform is a content management system (CMS) based on the Symfony framework from Ez Systems, Norway. Ibexa Kernel eZ Platform A security vulnerability exists in Ibexa Kernel versions prior to 1.3.26, which stems from granting too many privileges to the corporate administrator role...
SUSE CVE-2017-13777
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it...
GraphicsMagick 'ImportCMYKQuantumType' function heap buffer overflow vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. The 'ReadCMYKImage' function in the coders/cmyk.c file and the 'ImportCMYKQuantumType' function in the magick/import.c file in GraphicsMagick version 1.3.26...
GraphicsMagick 'WriteOnePNGImage' function heap buffer overflow vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A heap buffer overflow vulnerability exists in the 'WriteOnePNGImage' function in the coders/png.c file in GraphicsMagick version 1.3.26. An attacker can...
GraphicsMagick 'ImportGrayQuantumType' function heap buffer overflow vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. The 'ReadGRAYImage' function in the coders/gray.c file and the 'ImportGrayQuantumType' function in the magick/import.c file in GraphicsMagick version 1.3.26...
UBUNTU-CVE-2017-17503
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file...
GraphicsMagick Denial of Service Vulnerability (CNVD-2017-36390)
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the coders/wpg.c file in GraphicsMagick version 1.3.26. A remote attacker can exploit this vulnerability to cause a denial...
GraphicsMagick heap buffer overflow vulnerability (CNVD-2017-34467)
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A heap-based buffer overflow vulnerability exists in the presentation of the visual image catalog in the 'DescribeImage' function of the magick/describe.c fi...
GraphicsMagick Memory Misreference Vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A memory misreference vulnerability exists in the 'ReadOneJNGImage' function in the coders/png.c file in GraphicsMagick version 1.3.26. An attacker can explo...
GraphicsMagick coders/rle.c file denial of service vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the ReadRLEImage of the coders/rle.c file in GraphicsMagick version 1.3.26, which fails to properly handle RLE packet...