CVE-2025-11941
CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...
CVE-2025-11738
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...
CVE-2025-11738
CVE-2025-11738 affects the WordPress Media Library Assistant plugin (versions up to 3.29). The vulnerability allows unauthenticated attackers to read arbitrary ai/eps/pdf/ps files on the server via mla-stream-image.php, exposing sensitive information. Wordfence’s vulnerability briefing confirms a...
Important: gimp
Issue Overview: ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10922 Affected Packages: gimp Note: This advisory is applicable to Amazon Linux 2 - Gimp Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
CVE-2025-11643 Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...
OESA-2025-2401 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...
OESA-2025-2400 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...
CVE-2025-60787
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...
EUVD-2020-14198
Malware in sbrugna...
EUVD-2007-4828
Malware in sbrugna...
EUVD-2016-10574
Malware in sbrugna...
EUVD-2015-5204
Malware in sbrugna...
EUVD-2021-2179
Malware in sbrugna...
EUVD-2005-3706
Malware in sbrugna...
EUVD-2013-1950
Malware in sbrugna...
EUVD-2018-13361
Malware in sbrugna...
EUVD-2006-4362
Malware in sbrugna...
EUVD-2019-14659
Malware in sbrugna...
EUVD-2020-13499
Malware in sbrugna...