Lucene search
K

591143 matches found

RedHat Linux
RedHat Linux
added 2026/06/15 1:49 a.m.9 views

Important: Red Hat Security Advisory: gimp security update

An update for gimp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS7.9AI score0.00755EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/15 1:49 a.m.8 views

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/15 1:49 a.m.8 views

gimp: GIMP: Remote Code Execution via malicious JP2 file parsing

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

7.8CVSS8AI score0.00744EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/15 1:49 a.m.8 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

7.8CVSS7.8AI score0.00596EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49336

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A heap buffer overflow exists in the librfb RFB/VNC client component of GStreamer. The issue occurs because the rectangle bounds check validates the total area instead of individual...

8.8CVSS6.2AI score0.00489EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.27 views

CVE-2026-50873

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

0.00441EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

0.0056EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.6 views

RHEL 9 : gimp (RHSA-2026:25901)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25901 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

7.8CVSS6.2AI score0.00755EPSS
Exploits1References12
CVE
CVE
added 2026/06/15 12:0 a.m.15 views

CVE-2026-36933

The CVE-2026-36933 issue affects Boyleep K11 y108 firmware v2.3.0.11291. A physically proximate attacker can execute arbitrary code via the factory test feature. The impact is described as high for confidentiality, integrity, and availability; the root cause is tied to the factory test feature, w...

6.8CVSS5.9AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 12:0 a.m.4 views

ALSA-2026:26008 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8CVSS6.5AI score0.02995EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49297

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.3AI score0.00627EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49203

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS5.4AI score0.00445EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.6 views

PT-2026-49313

Name of the Vulnerable Software and Affected Versions fossar selfoss version 2.20-SNAPSHOT Description An issue in the loopback request handling component allows attackers to execute arbitrary commands and obtain sensitive information by supplying a crafted HTTP request. Recommendations At the...

9.8CVSS6.1AI score0.0056EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:0 a.m.14 views

CVE-2026-50872

The CVE-2026-50872 entry affects fossar selfoss v2.20-SNAPSHOT, with a vulnerability in the loopback request handling component that could allow arbitrary command execution and leakage of sensitive data via a crafted HTTP request. The issue is described across multiple sources (NVD/ENISA/CVE list...

9.8CVSS5.8AI score0.0056EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

0.00374EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49218

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp...

6.9CVSS5.6AI score0.0039EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49576

Name of the Vulnerable Software and Affected Versions Vitest affected versions not specified Description Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the browser WebSocket RPC. This API is not restricted by the browser.api.allowWrite,...

9.8CVSS6.1AI score0.00089EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49568

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue in the @angular/core package allows bypassing script-execution restrictions during...

5.3CVSS6AI score0.00238EPSS
Exploits0References6
Redos
Redos
added 2026/06/15 12:0 a.m.5 views

ROS-20260615-73-0001

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.7CVSS7.8AI score0.00467EPSS
Exploits0
Redos
Redos
added 2026/06/15 12:0 a.m.6 views

ROS-20260615-73-0003

The vulnerability in freerdp is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.7CVSS8.1AI score0.00467EPSS
Exploits0
Rows per page
Query Builder