Lucene search
K

1682 matches found

AlpineLinux
AlpineLinux
added 2026/06/10 10:3 p.m.8 views

CVE-2026-53461

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and...

7.5CVSS5.4AI score0.00353EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 10:3 p.m.36 views

CVE-2026-53461

ImageMagick contains an out-of-bounds heap write in the ICON decoder caused by an incorrect loop, affecting releases before 6.9.13-50 and 7.1.2-25. The vulnerability can lead to a crash (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is rated HIGH with network exploitation and no user interaction requi...

7.5CVSS5.4AI score0.00353EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/10 2:38 p.m.5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for org.webjars.npm:image-size. References - GitHub PR - Vulnerability Repor...

8.7CVSS5.3AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/10 2:38 p.m.9 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for image-size. References - GitHub PR - Vulnerability Report - Vulnerable C...

8.7CVSS5.3AI score0.0043EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48570

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-50 ImageMagick versions prior to 7.1.2-25 Description An incorrect loop in the ICON decoder can result in an out of bounds heap write, which may lead to a crash. An out of bounds heap write occurs when a...

7.5CVSS5.7AI score0.00441EPSS
Exploits0References51
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25 contained a buffer error vulnerability. This vulnerability stemmed from an erroneo...

7.5CVSS5.6AI score0.00353EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

image-size 资源管理错误漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the ICNS parser, which could allow remote attackers to permanently block the Node.js event...

8.7CVSS5.9AI score0.0043EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6216

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

5.1CVSS3.7AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-3878

The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocsoptionsiconsize' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

6.4CVSS5.7AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS5.7AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS5.8AI score0.00216EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.12 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS5.7AI score0.00257EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2026/05/28 6:30 p.m.7 views

Path traversal and reflected XSS in Flag and Icon Twig components

EasyAdminBundle ships two public Twig components — and — that load SVG files from disk using a path built directly from a public component property, and then render the resulting markup with the Twig |raw filter. When an application binds either of those properties to data that is influenced by a...

5.9AI score
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.12 views

SUSE CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/27 9:14 a.m.12 views

WordPress NS Product icon badge plugin <= 1.2.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin NS Product icon badge versions = 1.2.4...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.17 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.34 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 5:31 a.m.22 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Rows per page
Query Builder