
1016 matches found

FreeBSD
added 2025/07/24 12:0 a.m. · 11 views

gdk-pixbuf2 -- a heap buffer overflow

[email protected] reports: A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads...

CVSS 7.5 · AI score 8.1 · EPSS 0.00938
Exploits 0 · References 1

OSV
added 2025/07/08 2:15 p.m. · 5 views

CVE-2025-7345

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5 · AI score 7.1 · EPSS 0.00938
Exploits 0 · References 15

OSV
added 2025/07/08 2:15 p.m. · 3 views

AZL-65034 CVE-2025-7345 affecting package gdk-pixbuf2 for versions less than 2.42.10-4

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5 · AI score 7.7 · EPSS 0.00938
Exploits 0 · References 1

OSV
added 2025/07/08 2:15 p.m. · 2 views

DEBIAN-CVE-2025-7345

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5 · AI score 8 · EPSS 0.00938
Exploits 0 · References 1

NVD
added 2025/07/08 2:15 p.m. · 3 views

CVE-2025-7345

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5 · EPSS 0.00938
Exploits 0 · References 15

OSV
added 2025/07/08 2:15 p.m. · 1 view

UBUNTU-CVE-2025-7345

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5 · AI score 7.2 · EPSS 0.00938
Exploits 0 · References 6

CVE
added 2025/07/08 1:39 p.m. · 72 views

CVE-2025-7345

CVE-2025-7345 affects gdk-pixbuf2 (GNOME GdkPixbuf) and involves a heap buffer overflow in gdk_pixbuf__jpeg_image_load_increment (io-jpeg.c) and glib’s g_base64_encode_step (glib/gbase64.c) when handling crafted JPEGs. Connected advisories confirm the vulnerability can lead to out-of-bounds reads...

CVSS 7.5 · AI score 7.6 · EPSS 0.00938
Exploits 0 · References 15

Vulnrichment
added 2025/07/08 1:39 p.m. · 3 views

CVE-2025-7345 Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5 · AI score 8.2 · EPSS 0.00938
Exploits 0 · References 14

Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-28458 · Gnome +6 · Glib +7

Name of the Vulnerable Software and Affected Versions: gdk-pixbuf (affected versions not specified); glib (affected versions not specified). Description: A flaw exists in gdk-pixbuf and glib, specifically in the gdk_pixbuf__jpeg_image_load_increment function and g_base64_encode_step, respectively. When...

CVSS 7.5 · AI score 7.4 · EPSS 0.00938
Exploits 0 · References 50

Vulnrichment
added 2025/07/03 7:46 p.m. · 9 views

CVE-2025-34061 PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without...

CVSS 9.3 · AI score 8.1 · EPSS 0.76299
Exploits 0 · References 2

CVE
added 2025/07/03 7:46 p.m. · 31 views

CVE-2025-34061

Summary of CVE-2025-34061 (PHPStudy backdoor RCE): A backdoor in PHPStudy versions 2016–2018 allows unauthenticated remote code execution by decoding and executing base64-encoded PHP payloads sent in the Accept-Charset HTTP header, running as the web server user. This is triggered by requests co...

CVSS 9.3 · AI score 8.3 · EPSS 0.76299
Exploits 0 · References 2

NVD
added 2025/07/03 12:15 p.m. · 2 views

CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded)...

CVSS 6.5 · EPSS 0.00234
Exploits 0 · References 6

CVE
added 2025/07/03 11:20 a.m. · 24 views

CVE-2025-1709

CVE-2025-1709 concerns Endress+Hauser MEAC300-FNADE4: information disclosure caused by local PostgreSQL credentials stored in plaintext (partially base64 encoded). Several connected sources reiterate that credentials are exposed, impacting confidentiality. Root cause: credentials stored in plaint...

CVSS 6.5 · AI score 6.3 · EPSS 0.00234
Exploits 0 · References 6 · Affected Software 1

GitHub Security Blog
added 2025/06/27 12:31 a.m. · 6 views

Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...

CVSS 5.5 · AI score 7 · EPSS 0.00081
Exploits 0 · References 5 · Affected Software 1

Tenable Nessus
added 2025/06/27 12:0 a.m. · 7 views

RabbitMQ < 3.13.8 (GHSA-gh3x-4x42-fvq8)

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

CVSS 6.7 · AI score 5.4 · EPSS 0.00062
Exploits 1 · References 2

Packet Storm News
added 2025/06/25 12:0 a.m. · 1 view

Measuring Modern Phishing Tactics: a Quantitative Study of Body Obfuscation Prevalence, Co-Occurrence, and Filter Impact

Phishing attacks frequently use email body obfuscation to bypass detection filters, but quantitative insights into how techniques are combined and their impact on filter scores remain limited. This paper addresses this gap by empirically investigating the prevalence, co-occurrence patterns, and...

AI score 6.9
Exploits 0

AlpineLinux
added 2025/06/19 5:15 p.m. · 4 views

CVE-2025-50200

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

CVSS 6.7 · AI score 7.3 · EPSS 0.00062
Exploits 1 · References 1

OSV
added 2025/06/19 5:15 p.m. · 3 views

AZL-64166 CVE-2025-50200 affecting package rabbitmq-server for versions less than 3.13.7-3

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

CVSS 6.7 · AI score 5.7 · EPSS 0.00062
Exploits 1 · References 1

OSV
added 2025/06/19 4:14 p.m. · 3 views

CVE-2025-50200 RabbitMQ Node can log Basic Auth header from an HTTP request

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

CVSS 6.7 · AI score 6.6 · EPSS 0.00062
Exploits 1 · References 3

Vulnrichment
added 2025/06/19 4:14 p.m. · 2 views

CVE-2025-50200 RabbitMQ Node can log Basic Auth header from an HTTP request

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

CVSS 6.7 · AI score 6.5 · EPSS 0.00062
Exploits 1 · References 1