Lucene search
+L

452 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39643

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/29 4:16 a.m.10 views

openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova

A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Code-Projects Online Lot Reservation System 访问控制错误漏洞

The Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Version 1.0 of the system has a vulnerability related to access control. This vulnerability stems from the handling of the image parameter in the edithousepic.php file, which ma...

5.8CVSS5.8AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 5:46 p.m.35 views

CLSA-2026-1776879963 php: Fix of 9 CVEs

CVE-2019-9020: fix heap out-of-bounds read in xmlrpcdecode - CVE-2019-9021: fix heap buffer overflow in phardetectpharfnameext - CVE-2019-9023: fix heap buffer over-reads in mbstring regex functions - CVE-2019-9641: fix uninitialized read in exifprocessIFDinTIFF - CVE-2019-11034: fix...

9.8CVSS6.9AI score0.10059EPSS
Exploits7References1
NVD
NVD
added 2026/04/20 5:16 p.m.6 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS0.00539EPSS
Exploits1References2
OSV
OSV
added 2026/04/20 4:11 p.m.4 views

CVE-2026-25524 OpenMage LTS's Phar Deserialization leads to Remote Code Execution

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS6.2AI score0.00539EPSS
Exploits1References4
OSV
OSV
added 2026/04/14 3:22 p.m.12 views

CLSA-2026-1776180138 Fix of 12 CVEs

SECURITY UPDATE: fix vulnerability in image handling - debian/patches/CVE-2025-53101.patch: fix vulnerability in image handling - CVE-2025-53101 SECURITY UPDATE: fix vulnerability in image handling - debian/patches/CVE-2025-53014.patch: fix vulnerability in image handling - CVE-2025-53014 SECURIT...

9.8CVSS7AI score0.00792EPSS
Exploits4References1
Mageia
Mageia
added 2026/04/07 9:50 p.m.16 views

Updated tigervnc packages fix security vulnerability

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/27 1:53 p.m.20 views

CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the...

8.2CVSS5.5AI score0.00208EPSS
Exploits1
CVE
CVE
added 2026/03/27 1:53 p.m.27 views

CVE-2026-33206

CVE-2026-33206 affects Calibre prior to 9.6.0. The vulnerability consists of a path traversal in Calibre’s handling of images in Markdown and similar text-based files, allowing an attacker to include arbitrary filesystem files into the converted book. Additionally, the background-image endpoint i...

8.2CVSS5.9AI score0.00208EPSS
Exploits1References1Affected Software1
Fedora
Fedora
added 2026/03/24 12:52 a.m.10 views

[SECURITY] Fedora 43 Update: giflib-5.2.2-9.fc43

giflib is a library for reading and writing gif images...

7CVSS5.8AI score0.00144EPSS
Exploits0
OSV
OSV
added 2026/03/20 12:39 p.m.11 views

CLSA-2026-1774010344 Fix of 8 CVEs

SECURITY UPDATE: stack buffer overflow in msl.c attribute handling, path traversal bypass of security policy, XSS in HTML coder output, and MSL attribute overflow - debian/patches/CVE-2026-25797CVE-2026-25965CVE-2026-25968CVE-2026-25982.patch: Fix memory leaks, stack overflows, integer overflows...

9.8CVSS7AI score0.00671EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2026/03/19 7:8 a.m.8 views

USN-8103-2: Exiv2 regression

USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...

5.5CVSS6.7AI score0.00226EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

paicoding 代码问题漏洞

Paicoding is an open-source community system developed by ITWanger’s individual developers. Versions 1.0.0, 1.0.1, 1.0.2, and 1.0.3 of Paicoding contain code vulnerabilities. These vulnerabilities stem from incorrect handling of the img parameter in the function Save within the component Image Sa...

6.5CVSS6.6AI score0.00312EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/02/25 9:49 a.m.6 views

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.12-0 Fix spacecmd binary file upload bsc1253659 Fix typo in spacecmd help ca-cert flag bsc1253174 Convert cached IDs to int bsc1251995 Fix methods in api namespace in spacecmd bsc1249532 Make caching code Py 2.7 compatible Use JSON...

8.7CVSS5.7AI score0.00403EPSS
Exploits0References62
Snyk
Snyk
added 2026/02/24 1:30 a.m.3 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the process of handling a specially crafted image file containing a long attribute value. An attacker can cause memory corruption, unpredictable behavior, or a denial of service by submitting a malicious...

9.8CVSS5.6AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 12:54 a.m.7 views

NULL Pointer Dereference

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.2CVSS6AI score0.00376EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.5 views

Mozilla Thunderbird < 148.0

The version of Thunderbird installed on the remote Windows host is prior to 148.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-16 advisory. - Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory...

10CVSS7.7AI score0.00625EPSS
Exploits2References51
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.11 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.452.b09-2.el8 (AXSA:2025-9868:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9868:07 advisory. JDK: Better TLS connection support CVE-2025-21587 JDK: Improve compiler transformations CVE-2025-30691 JDK: Enhance Buffered Image handling...

7.4CVSS6.5AI score0.00784EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 7 : java-11-openjdk-11.0.26.0.4-1.0.1.el7.AXS7 (AXSA:2025-9817:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9817:01 advisory. - Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol...

7.4CVSS6.5AI score0.01257EPSS
Exploits0References12
Rows per page
Query Builder