5 matches found
CVE-2026-44636 libsixel: integer overflow in encoder
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...
CVE-2026-33020
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...
WordPress Ovatheme Events Manager plugin <= 1.8.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.6...
WordPress WP Blast plugin <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing vulnerability
Cross-Site Request Forgery to Cache Clearing vulnerability discovered by Nabil Irawan in WordPress Plugin WP Blast versions = 1.8.6...
WordPress Makeaholic Theme <= 1.8.5 is vulnerable to Broken Access Control
Software Makeaholic Type Theme Vulnerable versions = 1.8.5 Fixed in 1.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de9323d56155 Credits Tran Nguyen Bao Khanh VCI - VNPT...