Lucene search
+L

429 matches found

Patchstack
Patchstack
added yesterday6 views

NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes vulnerability discovered by ? in WordPress Npm exifreader versions = 4.40.0...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

Summary ExifReader 4.40.0 can throw an uncaught RangeError: Offset is outside the bounds of the DataView while parsing crafted HEIC/AVIF files. The file only needs a valid leading ftyp box with a HEIC/AVIF major brand followed by a malformed ISO-BMFF box, such as an empty 8-byte free box or a...

5.6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1014 TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`

Impact When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=1, 3, 2, 3, shape=1, 3, 2, 3, dtype=tf.half...

5.9CVSS5.9AI score0.00411EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/06/30 5:45 p.m.16 views

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the...

6.5AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in libheif

libheif is a decoder and encoder for HEIF and AVIF file formats. Prior to version 1.21.0, a crafted HEIF file that used overlay image item paths triggered a heap buffer overflow in HeifPixelImage::overlay. This function calculated a negative row length likely derived from an unclipped overlay...

7.1CVSS6.3AI score0.00267EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/24 1:41 a.m.11 views

CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

8.7CVSS5.8AI score0.0064EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/15 12:0 p.m.11 views

EUVD-2016-10895

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 10:3 a.m.11 views

EUVD-2026-36706

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket...

7.1CVSS5.4AI score0.00335EPSS
Exploits1References2
NVD
NVD
added 2026/06/09 9:17 p.m.17 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/09 7:57 p.m.11 views

EUVD-2025-210087

image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zer...

8.7CVSS5.5AI score0.0064EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 7:57 p.m.104 views

CVE-2025-71319

CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...

8.7CVSS5.8AI score0.0064EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2026/06/09 7:57 p.m.56 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 9:16 a.m.22 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS0.00132EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.12 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.12 views

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References7
CVE
CVE
added 2026/06/02 7:48 a.m.23 views

CVE-2026-8422

CVE-2026-8422 concerns the WordPress plugin Remove meta boxes per user role (versions up to and including 1.01). The vulnerability stems from missing or incorrect nonce validation on the remove-meta-boxes-per-user-role page, enabling CSRF. This could allow unauthenticated attackers to modify or r...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.24 views

PT-2026-45709

Name of the Vulnerable Software and Affected Versions Remove meta boxes per user role versions prior to 1.02 Description The plugin is subject to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into executing an unwanted action. This occurs due to missing or incorrect nonce...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

WordPress plugin Remove meta boxes per user role 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/01 7:43 p.m.13 views

WordPress Remove meta boxes per user role plugin <= 1.01 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Remove meta boxes per user role versions = 1.01...

4.3CVSS5.8AI score0.00132EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder