3860 matches found
NULL Pointer Dereference
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
Summary NULL pointer dereference in MSL Magick Scripting Language parser when processing tag before any image is loaded. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD Steps to Reproduce Method 1: Using ImageMagick directly bash magick MSL:poc.msl out.png Method 2: Using...
NULL Pointer Dereference
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
GHSA-5VX3-WX4Q-6CJ8 ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
Summary NULL pointer dereference in MSL Magick Scripting Language parser when processing tag before any image is loaded. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD Steps to Reproduce Method 1: Using ImageMagick directly bash magick MSL:poc.msl out.png Method 2: Using...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the MSL parser when processing a tag before any image is loaded. An attacker can cause a crash and denial of service by submitting a specially crafted MSL file that triggers a NULL pointer dereference during...
CVE-2025-11468 Folding email comments of unfoldable characters doesn't preserve parenthesis
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...
CVE-2025-11468
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...
CVE-2026-21875
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
CVE-2025-67025: Cross Site Scripting in Anycomment (anycomment.io) version 0.4.4 allows a remote attacker to run arbitrary code via the comment section. Affected product is Anycomment.io; root cause is XSS in the comment handling. Documented impact is execution of arbitrary code; no patch/version...
AnyComment security vulnerability
AnyComment is an embedded comment system tool developed by the Russian company AnyComment. Version 0.4.4 of AnyComment contains a security vulnerability; this vulnerability arises from the lack of input cleaning in the comment section, which may lead to cross-site scripting attacks...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
EUVD-2026-2716
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
PT-2026-3113
Name of the Vulnerable Software and Affected Versions Anycomment version 0.4.4 Description A Cross Site Scripting issue exists in Anycomment. This allows a remote attacker to execute arbitrary code through the Anycomment comment section. Recommendations At the moment, there is no information abou...
CVE-2022-50905 e107 CMS v3.2.1 - Reflected XSS via Comment Flow
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...
CVE-2026-22869
Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...