Lucene search
+L

477 matches found

nvd
nvd
β€’added 2026/07/08 2:17 p.m.β€’8 views

CVE-2026-56298

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS0.00187EPSS
Exploits0References2
cve
cve
β€’added 2026/07/08 1:49 p.m.β€’10 views

CVE-2026-56298

Capgo CVE-2026-56298 affects Capgo prior to 12.128.2, where the app information image upload endpoint does not strip EXIF metadata, exposing geolocation and embedded metadata. Root cause: failure to strip EXIF during upload. Impact: potential leakage of geographic location data. Remediation: upgr...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
cvelist
cvelist
β€’added 2026/07/08 1:49 p.m.β€’31 views

CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS0.00187EPSS
Exploits0References2
snyk
snyk
β€’added 2026/07/05 12:28 p.m.β€’8 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
astralinux
astralinux
β€’added 2026/06/24 3:11 p.m.β€’7 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a C++ library and a command-line utility for reading, writing, deleting, and modifying image metadata in formats such as Exif, IPTC, XMP, and ICC. Prior to version 0.28.8, a buffer overflow vulnerability was discovered in Exiv2. The vulnerability lies in the preview component, which only...

7.5CVSS6.8AI score0.00367EPSS
Exploits0References2
ptsecurity
ptsecurity
β€’added 2026/06/24 12:0 a.m.β€’12 views

PT-2026-51670

Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validationβ€”a security token used t...

4.3CVSS5.6AI score0.00128EPSS
Exploits0References10
euvd
euvd
β€’added 2026/06/20 3:24 p.m.β€’10 views

EUVD-2026-38114

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
cve
cve
β€’added 2026/06/20 3:24 p.m.β€’25 views

CVE-2026-56218

Capgo prior to 12.128.2 does not strip EXIF metadata (including GPS coordinates) from uploaded images, enabling disclosure of users’ precise location. Attackers can download images and extract coordinates at capture time. Remediation: upgrade Capgo to version 12.128.2 or later.

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
ptsecurity
ptsecurity
β€’added 2026/06/20 12:0 a.m.β€’15 views

PT-2026-51146

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References8
euvd
euvd
β€’added 2026/06/17 6:35 p.m.β€’11 views

EUVD-2026-37645

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3
cvelist
cvelist
β€’added 2026/06/17 10:7 a.m.β€’35 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
osv
osv
β€’added 2026/06/10 9:25 p.m.β€’1 views

CVE-2026-42326 ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 an...

5.1CVSS5.9AI score0.0012EPSS
Exploits0References3
euvd
euvd
β€’added 2026/06/10 9:25 p.m.β€’11 views

EUVD-2026-36158

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 an...

5.1CVSS5.3AI score0.0012EPSS
Exploits0References1
redhatcve
redhatcve
β€’added 2026/06/05 7:51 p.m.β€’10 views

CVE-2025-31959

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS5.4AI score0.00143EPSS
Exploits0References1
redhatcve
redhatcve
β€’added 2026/06/05 7:33 p.m.β€’12 views

CVE-2026-27892

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...

6.5CVSS5.3AI score0.00227EPSS
Exploits0References1
nessus
nessus
β€’added 2026/06/02 12:0 a.m.β€’11 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Texmaker vulnerabilities (USN-8346-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8346-1 advisory. It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata...

8.8CVSS6.7AI score0.00739EPSS
Exploits0References2
osv
osv
β€’added 2026/05/29 12:0 a.m.β€’8 views

RLSA-2026:20929 Moderate: libexif security update

The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling CVE-2026-40385 libexif: libexif: Denial of Service and information disclosure via integer...

4CVSS5.9AI score0.0014EPSS
Exploits0References3
astralinux
astralinux
β€’added 2026/05/20 5:53 a.m.β€’7 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...

5.5CVSS6.3AI score0.01109EPSS
Exploits0References2
astralinux
astralinux
β€’added 2026/05/20 5:53 a.m.β€’3 views

Astra Linux – Vulnerability in openimageio

A out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of the OpenImageIO Project, version OpenImageIO v2.4.4.2. Specially crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerabilit...

9.8CVSS7.3AI score0.01581EPSS
Exploits1References2
astralinux
astralinux
β€’added 2026/05/20 5:53 a.m.β€’4 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit this vulnerability to cause a denial of...

5.5CVSS6.3AI score0.01104EPSS
Exploits0References2
Rows per page
Query Builder