73 matches found
UBUNTU-CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
OPENSUSE-SU-2026:10198-1 python311-Pillow-12.1.1-1.1 on GA media
These are all security issues fixed in the python311-Pillow-12.1.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-25990 Pillow has an out-of-bounds write when loading PSD images
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
Pillow affected by out-of-bounds write when loading PSD images
Impact: An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected. Patches: Pillow 12.1.1 will be released shortly with a fix for this. Workarounds: Image.open has a formats parameter that can be used to prevent PSD images from being opene...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file. Remediation: Upgrade pillow to version 12.1.1 o...
Exploit for CVE-2026-21721
💥 CVE-2026-21721 Exploit Wrote an exploit for CVE-2026-21721...
CVE-2018-4430
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1...
CVE-2021-2267
Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...
CVE-2025-1493
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources...
EUVD-2016-4584
Malware in sbrugna...
CVE-2025-58780
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."...
CVE-2025-57884
Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through <= 12.1.1...
CVE-2025-57884 WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1...
CVE-2025-9135
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1258 on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components...
CVE-2025-9135
CVE-2025-9135 affects Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr on Android up to version 12.1.1(258). Root cause: improper export of AndroidManifest.xml components due to manipulation of an unknown function, enabling a local attack. Public exploit exists. Im...
CVE-2021-2023
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: APIs. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Bas...
CVE-2021-35554
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Quotes. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...
IBM Db2 race condition vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system runs on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 12.1.1 and prior versions suffer from a race condition vulnerability that stems from improper concurrent...
IBM Db2 input validation error vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system runs on UNIX, Linux, IBM i, z/OS, and Windows server versions. An input validation error vulnerability exists in IBM Db2 versions 12.1.0 and 12.1.1, which stems from the possibility that the...
DEBIAN-CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...