6 matches found

OSV
added 2026/04/14 10:16 p.m. · 0 views

DEBIAN-CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INT_MAX are accepted without overflow-safe bounds...

CVSS 7.1 · AI score 5.5 · EPSS 0.00007
Exploits: 1 · References: 1

Patchstack
added 2026/04/12 11:31 p.m. · 3 views

WordPress UsersWP plugin <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability

Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability discovered by s00me00ne in WordPress Plugin UsersWP versions <= 1.2.58...

CVSS 5 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2026/04/11 2:16 a.m. · 0 views

CVE-2026-4979

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the processimagecrop...

CVSS 5 · EPSS 0.00013
Exploits: 0 · References: 6

Vulnrichment
added 2026/04/11 1:25 a.m. · 1 views

CVE-2026-4979 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the processimagecrop...

CVSS 5 · AI score 5.9 · EPSS 0.00013
Exploits: 0 · References: 6

CNNVD
added 2023/10/09 12:0 a.m. · 2 views

gifsicle Security Breach

gifsicle is a tool for handling GIF image files. A security vulnerability exists in gifsicle version v.1.92 that allows an attacker to cause a denial of service via the --crop parameter in a command-line argument...

CVSS 5.5 · AI score 6.8 · EPSS 0.00045
Exploits: 1 · References: 3

Positive Technologies
added 2023/10/09 12:0 a.m. · 1 views

PT-2023-29303 · Gifsicle +2

Name of the Vulnerable Software and Affected Versions: Gifsicle versions 1.92 through 1.94

Description: The issue might allow a denial of service due to memory consumption if Gifsicle is deployed in a way that allows untrusted input to affect Gif_Realloc calls. However, this has been disputed by...

CVSS 7.8 · AI score 7.5 · EPSS 0.00045
Exploits: 2 · References: 21