CVE-2026-10812

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

CVE-2026-10812

CVE-2026-10812 affects zilliztech GPTCache up to 0.1.44. The vulnerability concerns the function BufferedReader.peek in gptcache/processor/pre.py within the Cache Key Handler. By manipulating input_data["image"], a weak hash is used. Exploitation is described as local, high complexity, and public...

EUVD-2026-34272

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

CVE-2026-10812 zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

CVE-2026-10812

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image file to have it processed by OpenEXR, resulting in a floating-point exception error. The greatest threat posed by this vulnerability is to system availabili...

EUVD-2026-27275

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

[SECURITY] Fedora 44 Update: OpenImageIO-3.1.12.0-2.fc44

OpenImageIO is a library for reading and writing images, and a bunch of relat ed classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading a nd writing 2D images that is format agnostic. - Format plugins for TIFF,...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

MiracleLinux 3 : libtiff-3.8.2-19.AXS3 (AXSA:2014-240:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-240:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file...

Allocation of Resources Without Limits or Throttling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the processimageinput in the idefics3 model implementation. An attacker can cause the server...

PYSEC-2026-143

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

Important: libcurand-13-0

Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. CVE-2025-23248 NVIDIA...

Amazon Linux 2 : LibRaw, --advisory ALAS2-2025-3016 (ALAS-2025-3016)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3016 advisory. There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitra...

CVE-2025-57810 jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG...

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework...

Multiple Apple products suffer from an out-of-bounds write vulnerability

iPadOS is Apple's mobile operating system for iPad devices, which is based on iOS and optimized for the iPad. iPhone OS is Apple's operating system for the iPhone and iPod touch. macOS is a set of Apple-developed MacOS is an operating system developed by Apple that runs on the Macintosh family of...

Linux Distros Unpatched Vulnerability : CVE-2022-21365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are...

CVE-2024-53901

The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim method is called on a crafted input image...

UBUNTU-CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...