591143 matches found
Important: Red Hat Security Advisory: gimp security update
An update for gimp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
GIMP: GIMP: Arbitrary code execution via specially crafted PSD file
A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...
gimp: GIMP: Remote Code Execution via malicious JP2 file parsing
A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...
gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow
A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...
PT-2026-49336
Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A heap buffer overflow exists in the librfb RFB/VNC client component of GStreamer. The issue occurs because the rectangle bounds check validates the total area instead of individual...
CVE-2026-50873
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...
CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
RHEL 9 : gimp (RHSA-2026:25901)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25901 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
CVE-2026-36933
The CVE-2026-36933 issue affects Boyleep K11 y108 firmware v2.3.0.11291. A physically proximate attacker can execute arbitrary code via the factory test feature. The impact is described as high for confidentiality, integrity, and availability; the root cause is tied to the factory test feature, w...
ALSA-2026:26008 Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
PT-2026-49297
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
PT-2026-49203
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...
PT-2026-49313
Name of the Vulnerable Software and Affected Versions fossar selfoss version 2.20-SNAPSHOT Description An issue in the loopback request handling component allows attackers to execute arbitrary commands and obtain sensitive information by supplying a crafted HTTP request. Recommendations At the...
CVE-2026-50872
The CVE-2026-50872 entry affects fossar selfoss v2.20-SNAPSHOT, with a vulnerability in the loopback request handling component that could allow arbitrary command execution and leakage of sensitive data via a crafted HTTP request. The issue is described across multiple sources (NVD/ENISA/CVE list...
CVE-2026-50883
An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...
PT-2026-49218
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp...
PT-2026-49576
Name of the Vulnerable Software and Affected Versions Vitest affected versions not specified Description Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the browser WebSocket RPC. This API is not restricted by the browser.api.allowWrite,...
PT-2026-49568
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue in the @angular/core package allows bypassing script-execution restrictions during...
ROS-20260615-73-0001
The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260615-73-0003
The vulnerability in freerdp is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...