Lucene search
K

7 matches found

NVD
NVD
added yesterday5 views

CVE-2026-53653

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS
Exploits0References5
CVE
CVE
added yesterday4 views

CVE-2026-53653

Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...

8.7CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-42943

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday6 views

CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS
Exploits0References5
OSV
OSV
added 2023/04/26 2:15 p.m.1 views

UBUNTU-CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5CVSS5.7AI score0.00667EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/06 12:0 a.m.4 views

PT-2022-17184 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions prior to the fixed version Description: The Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access ...

7.5CVSS7.3AI score0.00667EPSS
Exploits0References14
Veracode
Veracode
added 2017/09/12 8:5 a.m.11 views

Denial Of Service (DoS)

drupal/core is vulnerable to denial of service DoS attacks. Attackers can create a large number of image derivatives when the imageallowinsecurederivatives setting is enabled, consuming server disk space...

6.4AI score
Exploits0
Rows per page
Query Builder