53 matches found

Tenable Nessus
added 2026/06/22 12:0 a.m. | 6 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1861)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1861 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can...

CVSS 7.5 | AI score 6 | EPSS 0.00353
Exploits 0 | References 18
OSV
added 2026/06/10 11:16 p.m. | 7 views

UBUNTU-CVE-2026-53460

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition. This issue has been patched in versions 6.9.13-50 a...

CVSS 7.5 | AI score 5.2 | EPSS 0.00346
Exploits 0 | References 3
Cvelist
added 2026/06/10 9:29 p.m. | 33 views

CVE-2026-45624 ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

CVSS 5.1 | EPSS 0.0012
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:43 p.m. | 8 views

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

CVSS 6.5 | AI score 6 | EPSS 0.00215
Exploits 0 | References 1
CNNVD
added 2026/05/07 12:0 a.m. | 16 views

CLI Proxy API code issue vulnerability

CLI Proxy API is an open-source CLI proxy server developed by Router-For.ME, which supports multi-model APIs. Version 6.9.29 of the CLI Proxy API has a code vulnerability that stems from the handling of the url parameter in the file internal/api/handlers/management/apitools.go. This vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00215
Exploits 0 | References 1
Debian CVE
added 2026/04/13 9:32 p.m. | 4 views

CVE-2026-40310

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...

CVSS 5.5 | AI score 5.2 | EPSS 0.00189
Exploits 0
Vulnrichment
added 2026/03/31 4:56 p.m. | 2 views

CVE-2026-34359 HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

CVSS 7.4 | AI score 5.8 | EPSS 0.00158
Exploits 1 | References 1
CNNVD
added 2026/03/27 12:0 a.m. | 9 views

pypdf security vulnerability

pypdf is an open-source, free, and pure Python PDF library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages of PDF files. Prior to version 6.9.2, pypdf had a security vulnerability that could be exploited by attackers to create PDF files that led to infinite...

CVSS 8.2 | AI score 5.8 | EPSS 0.00455
Exploits 0 | References 3
OSV
added 2026/03/26 11:58 p.m. | 6 views

CVE-2026-33699 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

CVSS 8.2 | AI score 5.8 | EPSS 0.00455
Exploits 0 | References 5
Fedora
added 2026/03/21 12:16 a.m. | 8 views

[SECURITY] Fedora 44 Update: wordpress-6.9.4-1.fc44

WordPress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...

CVSS 4.3 | AI score 5.9 | EPSS 0.00305
Exploits 0
NVD
added 2026/03/20 11:16 p.m. | 3 views

CVE-2026-33180

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

CVSS 8.2 | EPSS 0.00264
Exploits 0 | References 4
ATTACKERKB
added 2026/03/20 9:9 a.m. | 3 views

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 5.1 | AI score 5.7 | EPSS 0.00349
Exploits 0 | References 4 | Affected Software 1
Github Security Blog
added 2026/03/18 4:17 p.m. | 5 views

pypdf has inefficient decoding of array-based streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries. Patches: This has been fixed in pypdf==6.9.1. Workarounds: If you cannot upgrade yet, consider applying the...

CVSS 6.5 | AI score 5.7 | EPSS 0.00349
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/03/17 4:16 p.m. | 7 views

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects. However, it was observed that this...

CVSS 8.1 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 1
CVE
added 2026/03/17 3:26 p.m. | 10 views

CVE-2026-21886

OpenCTI CVE-2026-21886 describes a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation that could let a user delete unrelated or sensitive objects (e.g., analyses, reports) due to lack of contextual checks. Affected software: OpenCTI prior to version 6.9.1. Root cause: API mut...

CVSS 8.1 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/03/17 3:26 p.m. | 5 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects. However, it was observed that this...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2026/03/10 12:0 a.m. | 3 views

WordPress 6.0 < 6.9.2

WordPress versions 6.0 < 6.9.2 are affected by one or more vulnerabilities. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-9-2-release...

AI score 5.8
Exploits 0 | References 3
EUVD
added 2026/01/28 11:24 a.m. | 5 views

EUVD-2025-206488

Johnson Controls iSTAR Configuration Utility ICU has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...

CVSS 7.1 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 2
CNNVD
added 2026/01/22 12:0 a.m. | 6 views

WebPros WordPress Toolkit security vulnerabilities

The WebPros WordPress Toolkit is a WordPress management platform provided by the Swiss company WebPros. Versions of the WebPros WordPress Toolkit prior to 6.9.1 contained security vulnerabilities; these vulnerabilities were caused by issues with the WordPress directory names, which could lead to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00418
Exploits 0 | References 2
Vulnrichment
added 2026/01/22 12:0 a.m. | 3 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

AI score 5.4 | EPSS 0.00418
Exploits 0 | References 1