120649 matches found
CVE-2026-25794
A flaw was found in ImageMagick. When processing images with large dimensions, the WriteUHDRImage function in coders/uhdr.c uses integer arithmetic that can overflow. This overflow leads to an undersized memory allocation, followed by an out-of-bounds write. A remote attacker could exploit this...
USN-8058-1: rlottie vulnerabilities
It was discovered that rlottie did not properly handle certain inputs. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code...
USN-8058-1 rlottie vulnerabilities
It was discovered that rlottie did not properly handle certain inputs. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code...
Arbitrary Code Injection
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
SolarWinds Serv-U 安全漏洞
SolarWinds Serv-U is an FTP File Transfer Protocol server software developed by the American company SolarWinds. SolarWinds Serv-U has a security vulnerability that stems from access control violations, which may lead to the creation of system administrator users and the execution of arbitrary co...
PT-2026-21740
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Thunderbird versions prior to 148 Description The software contains memory safety bugs. Some of these bugs exhibited evidence of memory corruption, and it is presumed that, with sufficient effort, they could...
PT-2026-21668
Name of the Vulnerable Software and Affected Versions Serv-U affected versions not specified Description A type confusion issue exists in Serv-U, potentially allowing a malicious actor to execute arbitrary native code with elevated privileges. Exploitation of this issue requires administrative...
Adobe Audition out-of-bounds write vulnerability (CNVD-2026-14508)
Adobe Audition is a set of multi-track editing tools from the American company Audobee Adobe. The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. Adobe Audition suffers from an out-of-bounds write...
Mozilla多款产品 缓冲区错误漏洞
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in multiple Mozilla products, whi...
Mozilla多款产品 输入验证错误漏洞
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...
MLflow < 3.8.0 Authentication Bypass (ZDI-26-111)
The version of MLflow installed on the remote host is prior to 3.8.0. It is, therefore, affected by an authentication bypass vulnerability: - A use of default password vulnerability exists in the basicauth.ini file. The file contains hard-coded default credentials that allow remote, unauthenticat...
KLA90902 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use after...
📄 SPIP Saisies 5.11.0 Remote Code Execution
This Metasploit module exploits a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected...
Security Vulnerabilities fixed in Thunderbird 140.8 — Mozilla
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...
USN-8057-1: GIMP vulnerabilities
Hanno Böck discovered that GIMP allocated FLI images using only the information present in the file header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue onl...