36 matches found
CVE-2026-41880
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...
CVE-2026-41880 OS Command Injection in R-SOFT DMS
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...
PT-2026-49308
Discuz! X5.0 releases 20260320 through 20260501 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...
MemVenom: Triggered Poisoning of Multimodal Memories in Web Agents
External memory has become a core component of modern web agents, enabling long-horizon reasoning through the retrieval of past experiences. However, this paradigm introduces a critical vulnerability: malicious content injected into memory can be persistently recalled and repeatedly influence age...
What’s new in Microsoft Security: May 2026
At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the AI it protects. As organizations accelerate AI adoption, security teams are navigating...
MAL-2026-4221 Malicious code in selfservsweeper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81843a6f21fe31627b1e97fdb8ffe41789c1f921c60512347bbf2b0c2fb30121 Package self-describes as a 'Touch-friendly Minesweeper overlay for NCR SelfServ kiosks', but the advertised CLI entrypoints selfservsweeper,...
Malicious code in selfservsweeper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81843a6f21fe31627b1e97fdb8ffe41789c1f921c60512347bbf2b0c2fb30121 Package self-describes as a 'Touch-friendly Minesweeper overlay for NCR SelfServ kiosks', but the advertised CLI entrypoints selfservsweeper,...
PT-2026-38438
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...
CVE-2026-35455
Immich (self-hosted photo/video management) has a Stored XSS in the 360° panorama viewer prior to version 2.7.0. An authenticated user can upload an equirectangular image containing crafted text; OCR extracts it and the panorama viewer renders it via innerHTML without sanitization. This allows ar...
EUVD-2026-15461
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories
A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...
CVE-2021-47729
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...
TopoReformer: Mitigating Adversarial Attacks Using Topological Purification in OCR Models
Adversarially perturbed images of text can cause sophisticated OCR systems to produce misleading or incorrect transcriptions from seemingly invisible changes to humans. Some of these perturbations even survive physical capture, posing security risks to high-stakes applications such as document...
VulnCheck KEV: CVE-2025-34021
A server-side request forgery SSRF vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON...
Dnn.Platform 安全漏洞
Dnn.Platform is an open source web content management platform CMS open sourced by Dnn Software. A security vulnerability exists in Dnn.Platform, which stems from a low complexity CAPTCHA generation algorithm that is easily recognized by OCR tools...
Screenshot-Reading Malware
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition OCR to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more...
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition OCR model to exfiltrate select images...
DEBIAN-CVE-2024-29511
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...
UBUNTU-CVE-2024-29511
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...
Artifex Ghostscript 安全漏洞
Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...