776 matches found

Nuclei
added 13 hours ago | 21 views

WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect

WordPress WebP Converter for Media 4.0.3 contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-25074 info: name: WordPress WebP Converter for Media 4.0.3 - Unauthenticated Open Redirect author:...

CVSS 6.1 | AI score 6.4 | EPSS 0.02505
Exploits: 2 | References: 4

Nuclei
added 13 hours ago | 13 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

CVSS 7.5 | AI score 7.1 | EPSS 0.05028
Exploits: 2 | References: 2

Tenable Nessus
added 4 days ago | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. CVE-2026-46601 Note that Nessus relies on the presence...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3

RedhatCVE
added 6 days ago | 8 views

CVE-2026-46601

A flaw was found in the golang.org/x/image/webp library's WebP decoder. A remote attacker could exploit this vulnerability by providing a specially crafted WebP image containing a VP8 chunk with mismatched dimensions. This could cause the decoder to panic, leading to a denial of service (DoS) for...

CVSS 7.5 | AI score 5.7 | EPSS 0.00339
Exploits: 0 | References: 6

NVD
added 2026/06/25 8:17 p.m. | 7 views

CVE-2026-46601

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

CVSS 7.5 | EPSS 0.00339
Exploits: 0 | References: 3

Cvelist
added 2026/06/25 7:47 p.m. | 22 views

CVE-2026-46601 Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

EPSS 0.00339
Exploits: 0 | References: 3

CVE
added 2026/06/25 7:47 p.m. | 12 views

CVE-2026-46601

The CVE refers to a panic in the golang.org/x/image webp decoder when processing a VP8 chunk whose alpha channel size does not match the canvas size. Affected component: the WebP decoder in x/image/webp. Root cause: mismatch between VP8 chunk dimensions and the canvas size triggers a panic (crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3

EUVD
added 2026/06/25 7:47 p.m. | 5 views

EUVD-2026-39550

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3

NVD
added 2026/06/22 7:17 p.m. | 12 views

CVE-2026-53779

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean sanitization in handler/router.go...

CVSS 8.7 | EPSS 0.00408
Exploits: 0 | References: 3

EUVD
added 2026/06/22 6:22 p.m. | 7 views

EUVD-2026-38340

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean sanitization in handler/router.go...

CVSS 8.7 | AI score 6 | EPSS 0.00408
Exploits: 0 | References: 3

AstraLinux
added 2026/06/19 11:10 a.m. | 9 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s coders, specifically in the webp.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero. The most significant threat of this vulnerability is the impact on system...

CVSS 7.1 | AI score 6 | EPSS 0.01205
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. A heap-based buffer overflow is possible in the function WebPDecodeRGBInto due to an invalid check for buffer size. The greatest threat from this vulnerability is related to data confidentiality and integrity, as well as system...

CVSS 9.8 | AI score 8.4 | EPSS 0.02662
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in libwebp

A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the ShiftBytes function...

CVSS 9.1 | AI score 7.2 | EPSS 0.02051
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in exempi

A buffer overflow vulnerability exists in WEBPSupport.cpp in exempi 2.5.0 and earlier, allowing remote attackers to cause a denial of service by opening crafted webp files...

CVSS 6.5 | AI score 7 | EPSS 0.00797
Exploits: 1 | References: 1

OSV
added 2026/06/18 10:46 p.m. | 6 views

GO-2026-5061 Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - Vulnerability in libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. An out-of-bounds read was identified in the ChunkAssignData function. The greatest threat posed by this vulnerability is related to data confidentiality and service availability...

CVSS 9.1 | AI score 7.3 | EPSS 0.02302
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/14 7:25 p.m. | 4 views

webp-https-errors (=4.7.2) potentially affected by unknown CVE via prettier-lint-lenz (=2.6.4)

prettier-lint-lenz NPM version =2.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on prettier-lint-lenz and may be impacted: - webp-https-errors =4.7.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3769...

AI score 5.5
Exploits: 0

Fedora
added 2026/05/11 1:3 a.m. | 11 views

[SECURITY] Fedora 43 Update: SDL3_image-3.4.4-1.fc43

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This is a simple library to load images of various formats as SDL surfaces. It can load BMP, GIF, JPEG, LBM, PCX, PNG, PNM (PPM/PGM/PBM), QOI, TGA, XCF,...

CVSS 7.1 | AI score 5.9 | EPSS 0.00262
Exploits: 0

RedhatCVE
added 2026/05/06 6:16 a.m. | 7 views

CVE-2026-33813

A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS)...

CVSS 7.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 6

SUSE CVE
added 2026/05/06 1:42 a.m. | 7 views

SUSE CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVSS 7.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 2