Lucene search
K

493 matches found

OSV
OSV
added 2025/09/01 12:0 a.m.5 views

PUB-A-418774137

In drawsurfaceimage of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...

7.3CVSS7.3AI score0.0008EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-37220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, fo...

5.5CVSS5.6AI score0.01331EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2009-3604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocat...

9.3CVSS6.5AI score0.08703EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-39978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 6.9.12-91 allows attackers to cause a denial of service memory consumption in Magick::Draw. CVE-2023-39978 Note that Nessus relies on the...

3.3CVSS5.3AI score0.00312EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/02 8:50 a.m.2 views

Malicious code in draw-with-twilio (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 423b3d27265f2438de29b913385910b4d4eef30e2934306c1951196ab07f4a5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/01 7:15 p.m.3 views

UBUNTU-CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

7.1CVSS7AI score0.00259EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.3 views

Pillow 安全漏洞

Pillow is a Python-based image processing library from the Pillow open source. A security vulnerability exists in Pillow versions prior to 11.2.0 through 11.3.0, which stems from a heap buffer overflow when writing images in DDS format, which could lead to the execution of arbitrary code...

7.1CVSS7.2AI score0.00259EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.8 views

CVE-2023-24200

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at saveticket.php...

9.8CVSS8.3AI score0.0089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.7 views

CVE-2023-24201

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at getticket.php...

9.8CVSS8.3AI score0.0089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.8 views

CVE-2023-24199

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at deleteticket.php...

9.8CVSS8.4AI score0.0089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:12 a.m.4 views

CVE-2023-24198

Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at savewinner.php via the ticketid and draw parameters...

9.8CVSS8.5AI score0.00872EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.3 views

CVE-2023-46616

Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15...

5.4CVSS8.5AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.9 views

CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4.3CVSS6.5AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:55 p.m.9 views

CVE-2022-35109

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via drawstroke at /gfxpoly/stroke.c...

5.5CVSS7.6AI score0.00284EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.8 views

CVE-2021-38107

CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue...

5.5CVSS6.6AI score0.01533EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 5:15 p.m.5 views

CVE-2025-30420

There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user t...

7.8CVSS6AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:51 p.m.8 views

CVE-2025-24907

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi Vantara...

6.8CVSS6.9AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 3:45 p.m.12 views

CVE-2025-39436

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through = 1.0...

9.1CVSS7.2AI score0.00642EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/04/21 12:0 a.m.10 views

WordPress I Draw 1.0 Shell Upload

WordPress I Draw plugin version 1.0 suffers from a remote shell upload vulnerability...

9.1CVSS7.2AI score0.00642EPSS
Exploits1
GithubExploit
GithubExploit
added 2025/04/19 7:56 p.m.433 views

Exploit for CVE-2025-39436

🚨 WordPress Plugin Exploit: CVE-2025-39436 📝 Description A...

9.1CVSS9.5AI score0.00642EPSS
Exploits1
Rows per page
Query Builder