CVE-2026-44666

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

EUVD-2026-30480

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

EUVD-2018-9188

Malware in sbrugna...

EUVD-2018-9192

Malware in sbrugna...

EUVD-2020-14450

Malware in sbrugna...

EUVD-2017-6825

Malware in sbrugna...

EUVD-2018-9186

Malware in sbrugna...

EUVD-2012-2111

Malware in sbrugna...

EUVD-2025-21388

Malicious code in bioql PyPI...

EUVD-2024-1328

Malicious code in bioql PyPI...

CVE-2025-55151 Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality /api/v1/convert/file/pdf uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process...

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial Of Service DoS. The vulnerability is due to infinite line generation during a specific XMP file conversion command...

GHSA-VMHH-8RXQ-FP9G ImageMagick has XMP profile write that triggers hang due to unbounded loop

Summary Infinite lines occur when writing during a specific XMP file conversion command Details 0 GetXmpNumeratorAndDenominator denominator=, numerator=, value= at MagickCore/profile.c:2578 1 GetXmpNumeratorAndDenominator denominator=, numerator=, value=720000000000000 at MagickCore/profile.c:256...

CVE-2025-53015

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...

CVE-2025-53015 ImageMagick has XMP profile write that triggers hang due to unbounded loop

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...

ImageMagick 安全漏洞

ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.1.2-0 that stems from an infinite loop in a specific XMP file conversion command...

PT-2025-29506

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-0 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 experience infinite lines during a specific XMP file conversion comman...

PT-2025-15093

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description The issue concerns a remote code execution RCE exploit. Technical details include the use of a vxproj file, conversion to vbs and then to ps1 PowerShell script, and involvement of an asar fil...