634 matches found
@antv/l7 (>=1.1.11 <=2.7.22), @antv/l7-layers (>=2.5.37-mini2 <=2.8.35) +13 more potentially affected by unknown CVE via @antv/geo-coord (=1.0.8)
@antv/geo-coord NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/geo-coord and may be impacted: - @antv/l7 =1.1.11, =2.5.37-mini2, =2.5.45, =2.5.45, =2.5.45, =2.3.2, =2.8.35, =2.8.35, =2.8.35, =2.3.2, =1.0.0, =0.1.0, =1.0.0,...
PT-2026-40313
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
GHSA-5QV7-J6W5-FR4M imageproc has fragile bounds check when sampling from image
A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension - 1'. This would not protect against malicious inputs that could overflow the...
GHSA-5XMW-VC9V-4WF2 Pillow has a heap buffer overflow with nested list coordinates
Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the TShape process in the VRML parser when coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing. An attack...
DEBIAN-CVE-2026-42479
An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...
CVE-2026-42479
An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...
RUSTSEC-2026-0115 Fragile bounds check when sampling from image
A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension - 1'. This would not protect against malicious inputs that could overflow the...
Fragile bounds check when sampling from image
A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension - 1'. This would not protect against malicious inputs that could overflow the...
PT-2026-36478
An out-of-bounds read vulnerability in VrmlData IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V8 0 0 rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...
EUVD-2026-26602
An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...
Open Cascade OCCT 缓冲区错误漏洞
Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from an out-of-bounds read issue in the VrmlDataIndexedLineSet::TShape function in the VRML parser, as the...
CVE-2026-42479
An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...
EUVD-2026-23180
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-3581
The CVE-2026-3581 entry concerns the Basic Google Maps Placemarks plugin for WordPress. Affected component: the plugin itself (WordPress plugin for map placemarks). Root cause: authorization bypass due to improper verification of user permissions, leading to unauthenticated users being able to mo...
WordPress Basic Google Maps Placemarks plugin <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability
Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Basic Google Maps Placemarks versions = 1.10.7...
openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...