Lucene search
K

233 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 3:18 p.m.6 views

CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS6AI score0.00347EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 3:18 p.m.20 views

CVE-2026-40893

CVE-2026-40893 (Gotenberg/ExifTool blocklist bypass) Prior to 8.31.0, Gotenberg’s metadata processing only blocked the bare tag name (FileName), allowing group-prefixed tags like System:FileName to bypass the blocklist, enabling remote attackers to rename, move, or alter file permissions within t...

8.2CVSS6AI score0.00347EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/14 3:18 p.m.56 views

CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS0.00347EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:18 p.m.3 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS6AI score0.00347EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 3:11 p.m.52 views

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS0.0295EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:11 p.m.6 views

CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6AI score0.0295EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 3:11 p.m.7 views

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6AI score0.0295EPSS
Exploits2References1
CVE
CVE
added 2026/05/14 3:11 p.m.22 views

CVE-2026-42589

Gotenberg CVE-2026-42589: The issue is an unauthenticated remote code execution in Gotenberg

9.8CVSS6AI score0.0295EPSS
In wildExploits2References1Affected Software1
GithubExploit
GithubExploit
added 2026/05/14 11:44 a.m.109 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 - ExifTool Arbitrary Code Execution An upgrade...

7.8CVSS7.7AI score0.99981EPSS
Exploits39
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.8 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Gotenberg 操作系统命令注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...

8.2CVSS5.8AI score0.00347EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 10:22 p.m.17 views

CVE-2026-43893

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 8:59 p.m.33 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS0.00485EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 8:59 p.m.19 views

CVE-2026-43893

CVE-2026-43893 affects the node package exiftool-vendored , which starts ExifTool in -stay_open True -@ - mode and reads arguments from stdin. In affected versions prior to 35.19.0, attacker-controlled strings could contain line delimiters, causing a single argument to split into multiple ExifToo...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 8:59 p.m.7 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

exiftool-vendored 参数注入漏洞

exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the “-stayopen True -” mode, where strings...

8.2CVSS5.8AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2026/05/09 12:31 p.m.7 views

OESA-2026-2224 perl-Image-ExifTool security update

ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...

5.3CVSS5.5AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:31 p.m.25 views

OESA-2026-2223 perl-Image-ExifTool security update

ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...

5.3CVSS5.5AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:31 p.m.12 views

OESA-2026-2222 perl-Image-ExifTool security update

ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...

5.3CVSS5.7AI score0.0018EPSS
Exploits0References2
Rows per page
Query Builder