20 matches found
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2026-7252
CVE-2026-7252 concerns the WP-Optimize plugin for WordPress (versions up to 4.5.2). A vulnerability in the unscheduled_original_file_deletion function allows an authenticated attacker with author-level access to delete arbitrary files on the server (e.g., wp-config.php) due to insufficient file p...
EUVD-2026-16450
A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...
CVE-2026-3650
A flaw was found in the Grassroots DICOM library GDCM. This memory leak vulnerability occurs when the library processes maliciously crafted DICOM files containing non-standard value representation VR types in their file meta-information. A remote attacker can exploit this by providing such a file...
CVE-2026-3650
A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...
DEBIAN-CVE-2026-3650
A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...
UBUNTU-CVE-2026-3650
A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...
CVE-2026-3650
A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime during handling of DICOM files containing non-standard VR types in their file meta-information. An attacker can cause excessive memory consumption and resource exhaustion by supplying a...
CVE-2026-3650 Grassroots DICOM Missing release of memory after effective lifetime
A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...
CVE-2024-43891
In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...
CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED
In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...
CVE-2024-24793
A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable...
Design/Logic Flaw
A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable...
Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities
Talos Vulnerability Report TALOS-2024-1931 Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities February 20, 2024 CVE Number CVE-2024-24793,CVE-2024-24794 SUMMARY A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imagi...
PT-2024-1887 · Libdicom · Libdicom
Name of the Vulnerable Software and Affected Versions: libdicom version 1.0.5 Description: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing o...
PT-2023-12465
Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin for WordPress versions up to and including 18.2 Description The issue is related to a lack of authentication protections, capability checks, and sanitization in the wpfm file meta update AJAX action. This allows...
SUSE CVE-2023-28646
Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local...
VulnCheck KEV: CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted...