20 matches found

Vulnrichment
added 2026/05/07 4:27 a.m. · 8 views

CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled_original_file_deletion function in all versions up to, and including, 4.5.2. Th...

CVSS 8.1 · AI score 6.5 · EPSS 0.0095
Exploits: 0 · References: 9
CVE
added 2026/05/07 4:27 a.m. · 22 views

CVE-2026-7252

CVE-2026-7252 concerns the WP-Optimize plugin for WordPress (versions up to 4.5.2). A vulnerability in the unscheduled_original_file_deletion function allows an authenticated attacker with author-level access to delete arbitrary files on the server (e.g., wp-config.php) due to insufficient file p...

CVSS 8.1 · AI score 6.5 · EPSS 0.0095
Exploits: 0 · References: 9
EUVD
added 2026/03/27 12:31 a.m. · 6 views

EUVD-2026-16450

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · AI score 5.8 · EPSS 0.00358
Exploits: 0 · References: 4
RedhatCVE
added 2026/03/26 11:10 p.m. · 3 views

CVE-2026-3650

A flaw was found in the Grassroots DICOM library GDCM. This memory leak vulnerability occurs when the library processes maliciously crafted DICOM files containing non-standard value representation VR types in their file meta-information. A remote attacker can exploit this by providing such a file...

CVSS 8.7 · AI score 5.8 · EPSS 0.00358
Exploits: 0 · References: 6
NVD
added 2026/03/26 10:16 p.m. · 6 views

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · EPSS 0.00358
Exploits: 0 · References: 3
OSV
added 2026/03/26 10:16 p.m. · 3 views

DEBIAN-CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · AI score 5.3 · EPSS 0.00358
Exploits: 0 · References: 1
OSV
added 2026/03/26 10:16 p.m. · 3 views

UBUNTU-CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · AI score 5.8 · EPSS 0.00358
Exploits: 0 · References: 6
Debian CVE
added 2026/03/26 9:10 p.m. · 2 views

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · AI score 5.3 · EPSS 0.00358
Exploits: 0
Snyk
added 2026/03/26 9:10 p.m. · 2 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime during handling of DICOM files containing non-standard VR types in their file meta-information. An attacker can cause excessive memory consumption and resource exhaustion by supplying a...

CVSS 8.7 · AI score 5.8 · EPSS 0.00358
Exploits: 0 · References: 2
Cvelist
added 2026/03/26 9:10 p.m. · 21 views

CVE-2026-3650 Grassroots DICOM Missing release of memory after effective lifetime

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · EPSS 0.00358
Exploits: 0 · References: 3
NVD
added 2024/08/26 11:15 a.m. · 18 views

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVSS 4.7 · EPSS 0.00225
Exploits: 0 · References: 3
OSV
added 2024/08/26 10:10 a.m. · 15 views

CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

CVSS 4.7 · AI score 6 · EPSS 0.00225
Exploits: 0 · References: 6
OSV
added 2024/02/20 11:15 a.m. · 2 views

CVE-2024-24793

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable...

CVSS 9.8 · AI score 7.3 · EPSS 0.01054
Exploits: 1 · References: 2
Prion
added 2024/02/20 11:15 a.m. · 17 views

Design/Logic Flaw

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable...

CVSS 5.1 · AI score 7.2 · EPSS 0.01054
Exploits: 1 · References: 1
Talos
added 2024/02/20 12:00 a.m. · 74 views

Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities

Talos Vulnerability Report TALOS-2024-1931 Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities February 20, 2024 CVE Number CVE-2024-24793,CVE-2024-24794 SUMMARY A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imagi...

CVSS 9.8 · AI score 8.3 · EPSS 0.01054
Exploits: 2
Positive Technologies
added 2024/01/18 12:00 a.m. · 4 views

PT-2024-1887 · Libdicom · Libdicom

Name of the Vulnerable Software and Affected Versions: libdicom version 1.0.5 Description: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing o...

CVSS 9.8 · AI score 9.4 · EPSS 0.01054
Exploits: 1 · References: 13
Positive Technologies
added 2023/06/07 12:00 a.m. · 6 views

PT-2023-12465

Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin for WordPress versions up to and including 18.2 Description The issue is related to a lack of authentication protections, capability checks, and sanitization in the wpfm file meta update AJAX action. This allows...

CVSS 9.8 · AI score 7.2 · EPSS 0.01522
Exploits: 1 · References: 6
SUSE CVE
added 2023/04/01 2:06 a.m. · 2 views

SUSE CVE-2023-28646

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

CVSS 4.4 · AI score 6.4 · EPSS 0.00229
Exploits: 0 · References: 3
Prion
added 2023/01/02 7:15 p.m. · 18 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local...

CVSS 1.4 · AI score 6.9 · EPSS 0.00399
Exploits: 0 · References: 3 · Affected Software: 1
VulnCheck KEV
added 2021/04/12 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted...

CVSS 8.8 · AI score 8 · EPSS 0.82736
Exploits: 7 · References: 1