Lucene search
+L

1941 matches found

NVD
NVD
added 2 hours ago3 views

CVE-2026-13082

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

Exploits0References2
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-13082 GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

Exploits0References2
CVE
CVE
added 2 hours ago5 views

CVE-2026-13082

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.4AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

RLSA-2026:39127 Important: python-pillow security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.6AI score0.00364EPSS
Exploits4References5
Rockylinux
Rockylinux
added 2 days ago4 views

python-pillow security update

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

7.5CVSS6.6AI score0.00364EPSS
Exploits4
NVD
NVD
added 4 days ago4 views

CVE-2026-57771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through = 1.8...

7.1CVSS0.0018EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

SUSE-SU-2026:2875-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues - CVE-2026-54059: crafted PCF font data can cause excessive memory allocation bsc1270409. - CVE-2026-54060: a font can trigger excessive allocation during conversion or saving bsc1270410. - CVE-2026-55379: bypass of decompression bomb...

7.5CVSS6.1AI score0.00364EPSS
Exploits4References9
CVE
CVE
added 4 days ago8 views

CVE-2026-57403

The CVE-2026-57403 entry concerns the WordPress plugin “GD Security Headers” (GD Security Headers) with versions

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-57403 WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD Security Headers: from n/a through = 1.8...

7.1CVSS0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 9:38 a.m.2 views

OPENSUSE-SU-2026:21296-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues - CVE-2026-42311: malicious PSD file processing can lead to arbitrary code execution bsc1270404. - CVE-2026-54059: crafted PCF font data can cause excessive memory allocation bsc1270409. - CVE-2026-54060: fonts can trigger excessive memory...

8.6CVSS6.5AI score0.00364EPSS
Exploits4References10
OSV
OSV
added 2026/07/08 11:34 a.m.6 views

BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4
Snyk
Snyk
added 2026/07/06 8:42 p.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the GdImageFile.open process. An attacker can cause excessive memory allocation by supplying a crafted .gd file that bypasses decompression bomb checks. Remediation Upgrade pillow to versio...

8.7CVSS6AI score0.00361EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 7:17 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS0.00361EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/06 6:50 p.m.5 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6.1AI score0.00361EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/07/06 6:50 p.m.6 views

EUVD-2026-41901

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
CVE
CVE
added 2026/07/06 6:50 p.m.21 views

CVE-2026-55380

Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...

7.5CVSS6AI score0.00361EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/06 6:0 a.m.20 views

CVE-2026-6382

The CVE affects multiple elFinder-based WordPress plugins: FileOrganizer (before 1.1.9), Advanced File Manager (before 5.4.12), File Manager Pro (before 2.1.1), and File Manager (before 8.0.4). The root cause is improper escaping of a parameter passed to a shell command during image operations, e...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55965

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description In the Python imaging library, the GdImageFile. open function in PIL/GdImageFile.py reads image dimensions from the GD 2.x header and stores them in self. size without invoking Image. decompression...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References39
Rows per page
Query Builder