
39 matches found

CVE
added 2026/05/08 1:14 p.m., 23 views

CVE-2026-44129

CVE-2026-44129 affects SEPPmail Secure Email Gateway prior to version 15.0.4, where a server-side template injection exists in the new GINA UI. An endpoint accepts attacker-controlled templates, enabling remote attackers to execute arbitrary template expressions and potentially achieve remote cod...

CVSS: 8.3, AI score: 6.7, EPSS: 0.00535
Exploits: 0, References: 2
GitLab Advisory Database
added 2025/09/26 12:0 a.m., 6 views

Hutool allows remote code execution (RCE) via the QLExpressEngine class

An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

CVSS: 6.5, AI score: 8.7, EPSS: 0.00315
Exploits: 1, References: 5
NVD
added 2025/09/25 11:15 p.m., 4 views

CVE-2025-56769

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

CVSS: 6.5, EPSS: 0.00315
Exploits: 1, References: 1
OSV
added 2025/09/25 11:15 p.m., 1 views

CVE-2025-56769

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

CVSS: 6.5, AI score: 8.7
Exploits: 0, References: 1
CNNVD
added 2025/09/25 12:0 a.m., 5 views

Hutool security vulnerability

Hutool is a small but comprehensive Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool versions prior to 5.8.4, which stems from a QLExpressEngine class that allows the execution of arbitrary expressions, potentially leading to remote code execution...

CVSS: 6.5, AI score: 7.8, EPSS: 0.00315
Exploits: 1, References: 1
Vulnrichment
added 2025/09/25 12:0 a.m., 2 views

CVE-2025-56769

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

AI score: 8.2, EPSS: 0.00315
Exploits: 1, References: 1
CVE
added 2025/09/25 12:0 a.m., 30 views

CVE-2025-56769

CVE-2025-56769 affects chinabugotech Hutool (hutool/hutool-extra) prior to version 5.8.4 (and related advisories mention 5.8.40) due to insecure handling in the QLExpressEngine. The issue lets an attacker craft expressions that cause arbitrary method invocation, enabling potential remote code e...

CVSS: 6.5, AI score: 8.2, EPSS: 0.00315
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2024/03/22 12:0 a.m., 24 views

Debian dla-3768 : python-pil - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3768 advisory. Debian LTS Advisory DLA-3768-1...

CVSS: 9.8, AI score: 6.8, EPSS: 0.03399
Exploits: 1, References: 8
OSV
added 2024/03/06 11:2 a.m., 29 views

BIT-PILLOW-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

CVSS: 9.8, AI score: 9.1, EPSS: 0.03399
Exploits: 0, References: 7
OSV
added 2024/01/31 11:19 a.m., 6 views

SUSE-SU-2024:0290-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. bsc1219048 - CVE-2022-22817: Fixes evaluation of arbitrary expressions via PIL.ImageMath.eval. bsc1194521...

CVSS: 9.8, AI score: 8.4, EPSS: 0.03399
Exploits: 0, References: 5
Tenable Nessus
added 2023/11/06 12:0 a.m., 31 views

Rocky Linux 8 : python-pillow (RLSA-2022:0643)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0643 advisory. - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c in Pillow before 9.0.0 has ...

CVSS: 9.8, AI score: 7.4, EPSS: 0.03399
Exploits: 0, References: 6
Tenable Nessus
added 2023/04/11 12:0 a.m., 28 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : python-pillow Multiple Vulnerabilities (NS-SA-2023-0015)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-pillow packages installed that are affected by multiple vulnerabilities: - pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 -...

CVSS: 9.8, AI score: 7.4, EPSS: 0.03399
Exploits: 0, References: 5
Tenable Nessus
added 2023/03/21 12:0 a.m., 24 views

Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2023-057)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-057 advisory. A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacke...

CVSS: 9.8, AI score: 7.1, EPSS: 0.03399
Exploits: 0, References: 6
Tenable Nessus
added 2022/11/05 12:0 a.m., 28 views

Amazon Linux 2022 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2022-2022-196)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-196 advisory. A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacke...

CVSS: 9.8, AI score: 7.1, EPSS: 0.03399
Exploits: 0, References: 5
Tenable Nessus
added 2022/07/14 12:0 a.m., 36 views

EulerOS Virtualization 2.10.0 : python-pillow (EulerOS-SA-2022-2037)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c ...

CVSS: 9.8, AI score: 7.2, EPSS: 0.03399
Exploits: 0, References: 5
OpenVAS
added 2022/07/14 12:0 a.m., 20 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-2065)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8, AI score: 8.6, EPSS: 0.03399
Exploits: 0, References: 2
OpenVAS
added 2022/07/14 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-2037)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8, AI score: 8.6, EPSS: 0.03399
Exploits: 0, References: 2
OSV
added 2022/05/12 10:24 a.m., 8 views

MGASA-2022-0166 Updated python-pillow packages fix security vulnerability

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary...

CVSS: 9.8, AI score: 7.9, EPSS: 0.03399
Exploits: 0, References: 6
Tenable Nessus
added 2022/05/07 12:0 a.m., 35 views

EulerOS Virtualization 3.0.2.0 : python-pillow (EulerOS-SA-2022-1690)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c ...

CVSS: 9.8, AI score: 7.2, EPSS: 0.03399
Exploits: 0, References: 4
Tenable Nessus
added 2022/04/20 12:0 a.m., 47 views

EulerOS 2.0 SP10 : python-pillow (EulerOS-SA-2022-1495)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c in Pillow befor...

CVSS: 9.8, AI score: 7.3, EPSS: 0.03399
Exploits: 0, References: 4