18274 matches found
Missing Release of Memory after Effective Lifetime
Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
GHSA-X928-4434-CRQJ ImageMagick has a memory leak in PNG encoder when writing a MNG image
When the PNG encoder fails to write an MNG image it can leak memory...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG sanitization process. An attacker can execute arbitrary scripts in the context of a privileged user by uploading a crafted SVG file that bypasses attribute filtering. This is only exploitable if the...
EUVD-2026-22705
October Rain has Stored XSS via SVG Filter Bypass...
GHSA-GCQV-F29M-67GR October Rain has Stored XSS via SVG Filter Bypass
A stored cross-site scripting (XSS) vulnerability was identified in the SVG sanitization logic. The regex pattern used to strip on* event handler attributes could be bypassed using a crafted payload that exploits how the pattern matches attribute boundaries. Impact - Stored XSS via malicious SVG fil...
CVE-2026-25133
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes such as onclick or onload could be bypassed using a...
EUVD-2026-22609
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally...
EUVD-2026-22629
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
EUVD-2026-22486
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally...
EUVD-2026-22487
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally...
CVE-2026-33104
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-32221
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally...
CVE-2026-27930 Windows GDI Information Disclosure Vulnerability
CVE-2026-32221
CVE-2026-32221 is a heap-based buffer overflow in Microsoft Graphics Component that allows an attacker to execute code locally. Public sources (NVD, MSRC, and related advisories) confirm this Windows graphics component vulnerability and note that Microsoft has released updates to fix it (e.g., KB...
CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability