10232 matches found
vLLM 0.8.3 - 0.14.0 - Information Disclosure
vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....
WP Responsive Images <= 1.0 - Arbitrary File Read
WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...
WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions. id: CVE-2023-44982 info: name:...
Gitea Container Registry - Unauthorized Private Image Access
Gitea = 1.26.2. As a temporary workaround, set REQUIRESIGNINVIEW=true in gitea app.ini, though this blocks all anonymous access including public repos. reference: - https://blog.gitea.com/release-of-1.26.2/ - https://github.com/go-gitea/gitea/pull/37290 -...
Astro - Unauthorized Third-Party Image Access
Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...
ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin id: CVE-2023-0334 info: name: ShortPixel Adaptive Images 3.6.3 - Cross Site Scripting author:...
Nevma Adaptive Images - Arbitrary File Deletion
Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...
Images to WebP < 1.9 - Authenticated Local File Inclusion
The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs22: nodejs22-22.23.1-2.1.hum1 aarch64, x8664 nodejs22-bin-22.23.1-2.1.hum1 noarch nodejs22-devel-22.23.1-2.1.hum1 aarch64, x8664 nodejs22-docs-22.23.1-2.1.hum1 noarch...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libarchive: bsdcat-3.8.8-2.1.hum1 aarch64, x8664 bsdcpio-3.8.8-2.1.hum1 aarch64, x8664 bsdtar-3.8.8-2.1.hum1 aarch64, x8664 bsdunzip-3.8.8-2.1.hum1 aarch64, x8664 libarchive-3.8.8-2.1.hum1 aarch6...
CVE-2026-61870
A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. An attacker could exploit this by providing specially crafted VIFF images, which would trigger memory allocation failures. This action can exhaust...
EUVD-2026-43186
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.18.0-0.3.hum1 aarch64, x8664 nodejs24-bin-24.18.0-0.3.hum1 noarch nodejs24-devel-24.18.0-0.3.hum1 aarch64, x8664 nodejs24-docs-24.18.0-0.3.hum1 noarch...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.13: python3.13-3.13.14-1.4.hum1 aarch64, x8664 python3.13-debug-3.13.14-1.4.hum1 aarch64, x8664 python3.13-devel-3.13.14-1.4.hum1 aarch64, x8664 python3.13-freethreading-3.13.14-1.4.hum1...
CVE-2026-55469
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.12: python3.12-3.12.13-3.5.hum1 aarch64, x8664 python3.12-debug-3.12.13-3.5.hum1 aarch64, x8664 python3.12-devel-3.12.13-3.5.hum1 aarch64, x8664 python3.12-idle-3.12.13-3.5.hum1 aarch64,...
CVE-2026-55781
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...
CVE-2026-59923
A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows an attacker to bypass URL protections by using specially crafted Markdown links or images containing percent-encoded javascript URIs. This can lead to the execution of arbitrary scripts in the rendered HTML,...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 aarch64, x8664...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.13: python3.13-3.13.14-1.3.hum1 aarch64, x8664 python3.13-debug-3.13.14-1.3.hum1 aarch64, x8664 python3.13-devel-3.13.14-1.3.hum1 aarch64, x8664 python3.13-freethreading-3.13.14-1.3.hum1...