
10 matches found

CVE
added 2026/04/17 1:45 p.m. · 15 views

CVE-2026-6491

Affected software and component: libvips (up to 8.18.2), specifically the nip2 Handler’s function im_minpos_vec in libvips/deprecated/vips7compat.c. Root cause / vulnerability: manipulation of the argument n leads to a heap-based buffer overflow. Impact (as stated): local attack feasibility with ...

CVSS 5.3 · AI score 5.9 · EPSS 0.0016
Exploits: 0 · References: 7

ATTACKERKB
added 2026/04/17 1:45 p.m. · 4 views

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

CVSS 5.3 · AI score 5.6 · EPSS 0.0016
Exploits: 0 · References: 7

OSV
added 2026/02/27 3:16 a.m. · 5 views

CVE-2026-3282

A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

CVSS 7.1 · AI score 5.4
Exploits: 0 · References: 8

CNNVD
added 2026/02/27 12:0 a.m. · 8 views

libvips security vulnerability

libvips is an open-source fast image processing library with low memory requirements. Version 8.19.0 of libvips contains a security vulnerability, which stems from improper handling of the parameter “index” in the file “libvips/conversion/bandrank.c”. This vulnerability may lead to a heap-based...

CVSS 7.8 · AI score 6.2 · EPSS 0.00243
Exploits: 1 · References: 8

CNNVD
added 2026/02/22 12:0 a.m. · 12 views

libvips security vulnerability

libvips is an open-source fast image processing library with low memory requirements. Versions of libvips 8.19.0 and earlier contain security vulnerabilities, which stem from a heap buffer overflow vulnerability in the vips_source_read_to_memory function...

CVSS 7 · AI score 6 · EPSS 0.00182
Exploits: 1 · References: 8

RedhatCVE
added 2026/02/09 1:33 a.m. · 6 views

CVE-2026-25568

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...

CVSS 7.1 · AI score 5.3 · EPSS 0.0019
Exploits: 0 · References: 1

CVE
added 2026/02/07 9:58 p.m. · 17 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user’s identifier. Affected software: ...

CVSS 5.3 · AI score 5.4 · EPSS 0.00246
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2026/02/07 12:0 a.m. · 14 views

PT-2026-6925

Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19 Description: WeKan versions before 8.19 have an issue where attachment metadata might be revealed to users who should not have access. This happens because the system doesn’t properly limit which attachment details...

CVSS 5.3 · AI score 5.5 · EPSS 0.00287
Exploits: 0 · References: 6

Atlassian
added 2025/12/12 7:28 a.m. · 17 views

Improper Authorization org.springframework:spring-core Dependency in Bitbucket Data Center and Server

This High severity Improper Authorization vulnerability was introduced in version 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5, allows an attacker to potentially perform actions to circumvent authorization checks, which...

CVSS 7.5 · AI score 8.3 · EPSS 0.0046
Exploits: 0

Positive Technologies
added 2021/09/01 12:0 a.m. · 5 views

PT-2021-22383 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue is related to a Broken Access Control vulnerability in the issue notification feature, allowing users who have watched an issue to continue receiving update...

CVSS 5.3 · AI score 7.1 · EPSS 0.00752
Exploits: 0 · References: 4