Lucene search
K

234 matches found

OSV
OSV
β€’added 2026/06/25 10:34 p.m.β€’3 views

GO-2026-5636 Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg

Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
β€’added 2026/06/23 12:0 a.m.β€’16 views

VulnCheck KEV: CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6.1AI score0.0295EPSS
In wildExploits2References12
GithubExploit
GithubExploit
β€’added 2026/06/13 11:14 a.m.β€’86 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 - ExifTool Arbitrary Code Execution An upgrade...

7.8CVSS8.3AI score0.99981EPSS
Exploits39
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:50 p.m.β€’11 views

CVE-2026-7580

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Processmrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 i...

5.3CVSS5.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:23 p.m.β€’9 views

CVE-2026-43893

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS6.2AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:16 p.m.β€’9 views

CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References1
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:13 p.m.β€’9 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS5.6AI score0.00611EPSS
Exploits1References1
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:13 p.m.β€’9 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS5.6AI score0.00347EPSS
Exploits1References1
GithubExploit
GithubExploit
β€’added 2026/05/30 6:54 a.m.β€’124 views

Exploit for OS Command Injection in Thecodingmachine Gotenberg

POCCVE-2026-42589 Local reproduction lab and nuclei template...

9.8CVSS6.4AI score0.0295EPSS
Exploits2
GithubExploit
GithubExploit
β€’added 2026/05/22 2:3 a.m.β€’98 views

Exploit for Command Injection in Exiftool_Project Exiftool

⚠️ Security Research & Legal Disclaimer πŸ“Œ Purpose of This...

8.8CVSS6.7AI score0.03411EPSS
Exploits2
Securelist
Securelist
β€’added 2026/05/20 9:2 a.m.β€’17 views

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

8.8CVSS7.2AI score0.03411EPSS
Exploits2
AstraLinux
AstraLinux
β€’added 2026/05/20 5:53 a.m.β€’7 views

Astra Linux – Vulnerability in libimage-exiftool-perl

A vulnerability was detected in ExifTool version 13.53. The issue affects the Processmrld function in the lib/Image/ExifTool/GM.pm file, specifically in the JPEG/QuickTime/MOV/MP4 component. Manipulating the -ee argument leads to code injection. Local attacks are required to exploit this...

5.3CVSS6AI score0.0018EPSS
Exploits0References1
AstraLinux
AstraLinux
β€’added 2026/05/20 5:53 a.m.β€’5 views

Astra Linux – Vulnerability in libimage-exiftool-perl

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and above allows arbitrary code execution when parsing the malicious image...

7.8CVSS8.6AI score0.99981EPSS
Exploits39References2
RedhatCVE
RedhatCVE
β€’added 2026/05/15 7:57 p.m.β€’11 views

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1
NVD
NVD
β€’added 2026/05/14 4:16 p.m.β€’36 views

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS0.0029EPSS
Exploits1References1
NVD
NVD
β€’added 2026/05/14 4:16 p.m.β€’32 views

CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS0.0295EPSS
Exploits2References1
NVD
NVD
β€’added 2026/05/14 4:16 p.m.β€’35 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS0.00347EPSS
Exploits1References1
Cvelist
Cvelist
β€’added 2026/05/14 3:36 p.m.β€’63 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS0.0029EPSS
Exploits1References1
EUVD
EUVD
β€’added 2026/05/14 3:36 p.m.β€’14 views

EUVD-2026-30316

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1
Vulnrichment
Vulnrichment
β€’added 2026/05/14 3:36 p.m.β€’9 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1
Rows per page
Query Builder