Linux Distros Unpatched Vulnerability : CVE-2026-32740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the decoding process of grid-based HEIF or AVIF images when a corrupted tile fails to decode and the library returns a success status, resulting in uninitialized heap memory being exposed as pixel data. ...

UBUNTU-CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

libheif 缓冲区错误漏洞

Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from a heap buffer overflow during tile composition, allowing attackers to write...

Astra Linux - уязвимость в chromium

The use of after free in libavif in Google Chrome before version 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption through a crafted avif file. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of after free in libavif in Google Chrome before version 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption through a crafted avif file. Chromium security severity: High...

WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Author+ Stored XSS via SVG Uplaod vulnerability

Author+ Stored XSS via SVG Uplaod vulnerability discovered by Bob Matyas in WordPress Plugin AVIF & SVG Uploader versions = 1.1.0...

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

EUVD-2025-203883

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVE-2025-13750

Technical details for CVE-2025-13750 are not publicly available in the provided documents. Monitor for updates from official advisories to confirm affected versions, impact, and remediation.

CVE-2025-13750 Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

PT-2025-51816

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVE-2025-12015 Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Afosto Disconnect

The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...

PT-2025-46793

Name of the Vulnerable Software and Affected Versions Convert WebP & AVIF | Quicq versions prior to 2.0.1 Description The Convert WebP & AVIF | Quicq WordPress plugin is susceptible to unauthorized data modification. This is due to a missing capability check on the wp ajax wpqai disconnect quicq...

EUVD-2023-36756

Malicious code in bioql PyPI...

EUVD-2025-15238

Malicious code in bioql PyPI...

EUVD-2024-49697

Malicious code in bioql PyPI...

avif-tools-1.3.0-2.1 on GA media (moderate)

avif-tools-1.3.0-2.1 on GA media Announcement ID: openSUSE-SU-2025:15320-1 Rating: moderate Cross-References: CVE-2025-48174 CVSS scores: CVE-2025-48174 SUSE : 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L CVE-2025-48174 SUSE : 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N...

OPENSUSE-SU-2025:15332-1 avif-tools-1.3.0-3.1 on GA media

These are all security issues fixed in the avif-tools-1.3.0-3.1 package on the GA media of openSUSE Tumbleweed...