CVE-2025-68431
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function...
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation...
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely....
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be...
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed...
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the ‘change-ad__content’ shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to...
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially...
CWE-434 Unrestricted Upload of File with Dangerous Type More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. More information : https://github.com/libming/libming/issues/367
Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Plugin Optimizer: from n/a through 1.3.7. More information : https://vdp.patchstack.com/database/wordpress/plugin/plugin-optimizer/vulnerability/wordpress-plugin-optimizer-plugin-1-3-7-broken-access-control-vulnerability?_s_id=cve
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The...