493 matches found
PUB-A-418774137
In drawsurfaceimage of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...
Linux Distros Unpatched Vulnerability : CVE-2021-37220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, fo...
Linux Distros Unpatched Vulnerability : CVE-2009-3604
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocat...
Linux Distros Unpatched Vulnerability : CVE-2023-39978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 6.9.12-91 allows attackers to cause a denial of service memory consumption in Magick::Draw. CVE-2023-39978 Note that Nessus relies on the...
Malicious code in draw-with-twilio (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 423b3d27265f2438de29b913385910b4d4eef30e2934306c1951196ab07f4a5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2025-48379
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
Pillow 安全漏洞
Pillow is a Python-based image processing library from the Pillow open source. A security vulnerability exists in Pillow versions prior to 11.2.0 through 11.3.0, which stems from a heap buffer overflow when writing images in DDS format, which could lead to the execution of arbitrary code...
CVE-2023-24200
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at saveticket.php...
CVE-2023-24201
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at getticket.php...
CVE-2023-24199
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at deleteticket.php...
CVE-2023-24198
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at savewinner.php via the ticketid and draw parameters...
CVE-2023-46616
Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15...
CVE-2023-2764
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2022-35109
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via drawstroke at /gfxpoly/stroke.c...
CVE-2021-38107
CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue...
CVE-2025-30420
There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user t...
CVE-2025-24907
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi Vantara...
CVE-2025-39436
Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through = 1.0...
WordPress I Draw 1.0 Shell Upload
WordPress I Draw plugin version 1.0 suffers from a remote shell upload vulnerability...
Exploit for CVE-2025-39436
🚨 WordPress Plugin Exploit: CVE-2025-39436 📝 Description A...