10 matches found
CVE-2026-6491
Affected software and component: libvips (up to 8.18.2), specifically the nip2 Handler’s function im_minpos_vec in libvips/deprecated/vips7compat.c. Root cause / vulnerability: manipulation of the argument n leads to a heap-based buffer overflow. Impact (as stated): local attack feasibility with ...
CVE-2026-6491
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
CVE-2026-3282
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...
libvips security vulnerability
libvips is an open-source fast image processing library with low memory requirements. Version 8.19.0 of libvips contains a security vulnerability, which stems from improper handling of the parameter “index” in the file “libvips/conversion/bandrank.c”. This vulnerability may lead to a heap-based...
libvips security vulnerability
libvips is an open-source fast image processing library with low memory requirements. Versions of libvips 8.19.0 and earlier contain security vulnerabilities, which stem from a heap buffer overflow vulnerability in the vips_source_read_to_memory function...
CVE-2026-25568
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user’s identifier. Affected software: ...
PT-2026-6925
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19 Description: WeKan versions before 8.19 have an issue where attachment metadata might be revealed to users who should not have access. This happens because the system doesn’t properly limit which attachment details...
Improper Authorization org.springframework:spring-core Dependency in Bitbucket Data Center and Server
This High severity Improper Authorization vulnerability was introduced in versions 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5, allows an attacker to potentially perform actions to circumvent authorization checks, which...
PT-2021-22383 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue is related to a Broken Access Control vulnerability in the issue notification feature, allowing users who have watched an issue to continue receiving update...