2671 matches found
gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability
A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of ICO files. A remote attacker can exploit this by convincing a user to open a malicious file or visit a malicious web page, leading to arbitrary code execution. The issue is due to a lack of...
PT-2026-27148
XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file...
CVE-2026-30007
XnSoft NConvert 7.230 is affected by CVE-2026-30007: a Use-After-Free in processing crafted TIFF files. According to the provided metrics, the impact is Availability: High; Confidentiality/Integrity: None; Attack vector: Local; Privileges required: None; User interaction: None; Base score 6.2 (Me...
PT-2026-27149
XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file...
CVE-2026-30006
XnSoft NConvert 7.230 is affected by a vulnerability described as a Stack Buffer Overrun triggered by a crafted TIFF file. The issue relates to parsing TIFF data and can impact availability. The provided documents identify the affected product and the file type but do not disclose the exact root-...
Linux Distros Unpatched Vulnerability : CVE-2026-4426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs...
ALSA-2026:5113 Important: gimp:2.8 security update
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787 MotionEye v0.43.1b4 OS Command Injection A pr...
Microsoft Windows Image File Execution Options (IFEO) Persistence
This PHP script leverages legitimate Windows debugging features to establish persistent remote access. This technique leverages the Image File Execution Options (IFEO) registry keys to configure a monitor process that automatically executes when a specified target process exits. Windows allows...
EUVD-2026-11300
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...
Vvveb CMS 1.0.5 Command Injection
Proof of concept exploit for a remote command injection vulnerability in Vvveb CMS version 1.0.5 via configuration files. Upon further analysis, the researcher has also discovered that this affects version 1.0.7.3...
PT-2026-24098
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26 cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...
Python Library OpenEXR 3.3.x < 3.3.7 / 3.4.x < 3.4.5 Heap Buffer Overflow (OOB Read)
The version of the OpenEXR Python package installed on the remote host is 3.3.x prior to 3.3.7 or 3.4.x prior to 3.4.5. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the istreamnonparallelread function in ImfContextInit.c...
SUSE CVE-2026-3102
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...
Missing Release of Memory after Effective Lifetime
Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in msl.c. An attacker can cause memory exhaustion and disrupt service availability by submitting malicious image files. Remediation: A fix was pushed into the master branch but not yet...
Out-of-bounds Read
Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in handling SFW image files, when temporary file creation fails. An attacker can cause the application to crash by submitting a malicious SFW image file. Remediation: A fix was pushed into the master branch but n...
LibTIFF Security Vulnerability
LibTIFF is an open-source library for reading and writing TIFF (Tagged Image File Format) files. This library includes some command-line tools for processing TIFF files. Versions of LibTIFF prior to v4.7.1 have security vulnerabilities, which stem from a stack overflow vulnerability in the...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function...
CVE-2026-25869
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...