Lucene search
K

1931 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-57771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-57403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through = 1.8...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57403

The CVE-2026-57403 entry concerns the WordPress plugin “GD Security Headers” (GD Security Headers) with versions

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57403 WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through = 1.8...

7.1CVSS0.0018EPSS
Exploits0References1
OSV
OSV
added last week6 views

BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4
Snyk
Snyk
added 2026/07/06 8:42 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the GdImageFile.open process. An attacker can cause excessive memory allocation by supplying a crafted .gd file that bypasses decompression bomb checks. Remediation Upgrade pillow to versio...

8.7CVSS6AI score0.00361EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 7:17 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS0.00361EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/06 6:50 p.m.18 views

CVE-2026-55380

Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...

7.5CVSS6AI score0.00361EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/06 6:50 p.m.6 views

EUVD-2026-41901

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
CVE
CVE
added 2026/07/06 6:0 a.m.17 views

CVE-2026-6382

The CVE affects multiple elFinder-based WordPress plugins: FileOrganizer (before 1.1.9), Advanced File Manager (before 5.4.12), File Manager Pro (before 2.1.1), and File Manager (before 8.0.4). The root cause is improper escaping of a parameter passed to a shell command during image operations, e...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55965

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description In the Python imaging library, the GdImageFile. open function in PIL/GdImageFile.py reads image dimensions from the GD 2.x header and stores them in self. size without invoking Image. decompression...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References7
Patchstack
Patchstack
added 2026/07/02 12:6 p.m.5 views

WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin GD Rating System versions = 3.7...

8.5CVSS6AI score0.00253EPSS
Exploits0Affected Software1
Fedora
Fedora
added 2026/06/19 1:10 a.m.16 views

[SECURITY] Fedora 43 Update: perl-GD-2.86-1.fc43

This is a auto-loadable interface module for GD, a popular library for creating and manipulating PNG files. With this library you can create PNG images on the fly or modify existing files...

9.8CVSS5.1AI score0.01353EPSS
Exploits1
CVE
CVE
added 2026/06/15 8:18 p.m.13 views

CVE-2026-42639

CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2026/06/14 12:16 p.m.7 views

ALPINE-CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

9.8CVSS5.5AI score0.01353EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 11:39 a.m.52 views

CVE-2026-11526

The CVE-2026-11526 issue affects GD for Perl (versions before 2.86). The vulnerability lies in GD::Image::_make_filehandle, which uses a 2-arg open() on filename arguments, causing any filename starting/ending with a pipe or redirect to be executed as a command or redirected, leading to OS comman...

9.8CVSS5.4AI score0.01353EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/14 11:39 a.m.8 views

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/14 11:39 a.m.14 views

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/14 11:39 a.m.37 views

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

0.01353EPSS
Exploits0References2
Rows per page
Query Builder