Lucene search
K

2058 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...

7.8CVSS7.8AI score0.01565EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libimage-exiftool-perl

In ExifTool’s lib/Image/ExifTool.pm, version 12.38 incorrectly handles the $file = /|$/ check, resulting in command injection...

7.8CVSS7.3AI score0.07575EPSS
Exploits5References1
OSV
OSV
added 2026/05/19 5:44 p.m.24 views

CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

7.5CVSS6.8AI score0.79949EPSS
Exploits7References1
NVD
NVD
added 2026/05/19 7:16 a.m.24 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7CVSS0.00528EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 5:0 a.m.33 views

CVE-2026-8814

CVE-2026-8814 affects the ExifReader library prior to version 4.39.0. The issue is an improper handling of highly compressed data (Data Amplification) that occurs when decompressing PNG zTXt metadata without a built-in maximum decompressed output size, which can cause a crafted PNG to materialize...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 5:0 a.m.56 views

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

8.7CVSS0.00528EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 5:0 a.m.40 views

CVE-2026-8813

CVE-2026-8813 affects exifreader before 4.39.0. A crafted ICC profile mluc tag allows an attacker-controlled record count with a zero record size, causing the parser to repeatedly process the same records and grow memory usage, leading to DoS. Proof-of-concept in SNYK shows a large loop with mluc...

8.7CVSS5.8AI score0.00528EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41832

Name of the Vulnerable Software and Affected Versions exifreader versions prior to 4.39.0 Description Improper handling of highly compressed data leads to data amplification when decompressing PNG zTXt metadata without enforcing a maximum decompressed output size. If asynchronous parsing is...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/18 9:51 p.m.46 views

CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...

6.5CVSS0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 3:11 p.m.9 views

EUVD-2026-30311

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6AI score0.0295EPSS
Exploits2References1
OSV
OSV
added 2026/05/07 7:33 p.m.9 views

GHSA-Q7F2-RV22-2XGR FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

Summary Fectura Scripts is an open-source ERP application, a sensitive information disclosure vulnerability was identified in the Library module's image upload and download pipeline. The application fails to strip EXIF and other embedded metadata from user-uploaded image files before storing them...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.35 views

Updated libexif packages fix security vulnerabilities

CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...

7.8CVSS5.8AI score0.00193EPSS
Exploits1References2
NVD
NVD
added 2026/05/06 3:16 p.m.46 views

CVE-2025-31959

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 1:47 p.m.24 views

CVE-2025-31959

Affected product : HCL BigFix Service Management (SM). Vulnerability : The SM application fails to strip EXIF metadata from uploaded images. This metadata may include sensitive location information, leading to confidentiality/privacy risks if inadvertently shared. Impact (from sources) : Privacy/...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.22 views

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. There is a security vulnerability in HCL BigFix Service Management. This vulnerability stems from the failure to remove EXIF metadata from uploaded images, which may lead t...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-37631

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/03 12:41 p.m.321 views

ethical-hacking-portfolio

Ethical Hacking Portfolio - CS4069 | Spring 2026 Course:...

9.8CVSS5.9AI score0.76768EPSS
Exploits10
OSV
OSV
added 2026/05/02 12:53 a.m.9 views

CLSA-2026-1777540774 php: Fix of 4 CVEs

CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...

8.5CVSS7.3AI score0.9523EPSS
Exploits8References1
CloudLinux
CloudLinux
added 2026/04/25 8:46 a.m.7 views

php: Fix of 5 CVEs

CVE-2019-9023: mbstring oniguruma: fix heap overflow in utf32bembctocode and related mbctocode encoders bug 77418; completes CVE-2019-9023 coverage alongside existing php-5.3.29-bug773707737177381773827738577394.patch - CVE-2019-11034: exif: fix heap-buffer-overflow in phpifdget32s bug 77753 -...

9.8CVSS6.8AI score0.09395EPSS
Exploits4
OSV
OSV
added 2026/04/25 8:46 a.m.9 views

CLSA-2026-1776958404 php: Fix of 5 CVEs

CVE-2019-9023: mbstring oniguruma: fix heap overflow in utf32bembctocode and related mbctocode encoders bug 77418; completes CVE-2019-9023 coverage alongside existing php-5.3.29-bug773707737177381773827738577394.patch - CVE-2019-11034: exif: fix heap-buffer-overflow in phpifdget32s bug 77753 -...

9.8CVSS6.9AI score0.09395EPSS
Exploits4References1
Rows per page
Query Builder