Lucene search
K

82 matches found

OSV
OSV
added 2026/06/23 1:16 p.m.5 views

UBUNTU-CVE-2026-56376

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Synology Assistant 访问控制错误漏洞

Synology Assistant is a network storage device discovery and management tool provided by the Chinese company Synology. Versions of Synology Assistant prior to 7.0.6-50085 contained a access control vulnerability caused by a source verification error. This vulnerability could allow local users to...

6.1CVSS5.8AI score0.00086EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

8.2CVSS7AI score0.0053EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...

4.3CVSS6.5AI score0.00874EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick within MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in values that fall outside the range of types float and unsigned char. This likely leads to a disruption in the application...

4.3CVSS6.5AI score0.01124EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. By exploiting vulnerabilities in the Lua script execution environment, an attacker with access to Redis prior to versions 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. T...

7.8CVSS7AI score0.02189EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/18 3:40 p.m.21 views

EUVD-2026-30777

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Incus 安全漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the size of YAML files after decompression. This could allow authenticated users to cause...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/15 11:26 p.m.6 views

SUSE CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

5.5CVSS5.8AI score0.00144EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.13 views

PT-2026-31123

CVE-2026-39484 URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from… https://t.co/omlG1NbySg...

5.8AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

ChurchCRM 输入验证错误漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.0.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the presence of links throughout the application. When authenticated users accessed and clicked the...

5.8AI score0.00043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

appium 路径遍历漏洞

Appium is an open-source cross-platform application automation testing framework developed by Appium. Versions of Appium prior to 7.0.6 contained a path traversal vulnerability. This vulnerability stemmed from ineffective path traversal checks in the ZIP extraction implementation, which could all...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References2
CVE
CVE
added 2026/02/24 1:44 a.m.24 views

CVE-2026-25986

CVE-2026-25986 affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. Root cause: a heap buffer overflow in ReadYUVImage() (coders/yuv.c) occurs when processing malicious YUV 4:2:2 (NoInterlace) images, where the pixel-pair loop writes beyond the allocated row buffer. Impact (as stated): a...

9.8CVSS5.7AI score0.00461EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/24 1:39 a.m.2 views

CVE-2026-25971

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

9.8CVSS5.6AI score0.00208EPSS
Exploits0
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.6 views

Lychee 安全漏洞

Lychee is a beautiful and easy to use photo management system from The Lychee Organisation open source. It is used to manage and share photos. A security vulnerability exists in Lychee versions prior to 7.1.0, which stems from an authorization flaw in the album password unlock feature that could...

4.3CVSS6.5AI score0.00233EPSS
Exploits1References3
OSV
OSV
added 2026/01/08 10:15 a.m.4 views

CVE-2025-67922

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...

6.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.4 views

CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...

7.1CVSS6AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

Keyfactor SignServer 安全漏洞

Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.2, which stems from an error in the container startup logic and could result in a reset configuration to allowany...

4.7CVSS6.6AI score0.0013EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-67544

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through 7.0...

6.5CVSS0.00162EPSS
Exploits0References1
Rows per page
Query Builder