| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.
This issue affects Themify Folo: from n/a through 1.9.6. |
| Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. |
| Unauthenticated Local File Inclusion in Etude <= 1.6 versions. |
| Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. |
| Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions. |
| Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. |
| Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. |
| Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. |
| BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges. |
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2:
11.02.05.10.02. |
| Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions. |
| Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. |
| Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. |
| Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. |
| Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Integrate Google Drive: from n/a through 1.3.8. |
| Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects iPages Flipbook: from n/a through 1.5.1. |
| Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
This issue affects Widget Options: from n/a through 4.0.1. |
