Lucene search
111 matches found

NVD (added 3 days ago)
CVE-2026-53779
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean sanitization in handler/router.go...
CVSS 8.7 | EPSS 0.00408 | Exploits 0 | References 3

EUVD (added 3 days ago)
EUVD-2026-38340
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean sanitization in handler/router.go...
CVSS 8.7 | AI score 6 | EPSS 0.00408 | Exploits 0 | References 3

Cvelist (added 3 days ago)
CVE-2026-53779: WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean sanitization in handler/router.go...
CVSS 8.7 | EPSS 0.00408 | Exploits 0 | References 3

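The path.Clean bypass that the three WebP Server Go entries above describe, shown as an added Go example. This is not code from WebP Server Go or from handler/router.go: the image root (/srv/img), the request paths and the shape of the weak resolver are constructed for illustration. path.Clean only recognises '/' as a separator, so a decoded backslash stays inside one segment and the ".." hidden behind it is never collapsed; on Windows the filesystem then treats that backslash as a separator. The hardened variant folds '\' into '/' before cleaning and refuses anything that still climbs above the root instead of silently clamping it.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Constructed image root for the example (not the real IMGPATH value).
const imgRoot = "/srv/img"

var (
	errEscape = errors.New("path escapes image root")
	errNul    = errors.New("NUL byte in path")
)

// naiveResolve reproduces the weak pattern: percent-decode, path.Clean, then join with
// the root. A backslash is just another byte to path.Clean, so "..\..\Windows\win.ini"
// survives as a single segment and is never normalised away.
func naiveResolve(root, raw string) (string, error) {
	decoded, err := url.PathUnescape(raw)
	if err != nil {
		return "", err
	}
	return root + path.Clean("/"+decoded), nil
}

// hardenedResolve normalises both separators together, cleans the relative path and
// rejects any result that still starts with "..": a request that tried to leave the
// root is an error, not something to clamp back inside it.
func hardenedResolve(root, raw string) (string, error) {
	decoded, err := url.PathUnescape(raw)
	if err != nil {
		return "", err
	}
	if strings.ContainsRune(decoded, 0) {
		return "", errNul
	}
	rel := strings.ReplaceAll(decoded, `\`, "/")
	rel = path.Clean(strings.TrimLeft(rel, "/"))
	if rel == ".." || strings.HasPrefix(rel, "../") {
		return "", errEscape
	}
	return path.Join(root, rel), nil
}

// escapesOnWindows reads a resolved path the way a Windows filesystem would: both '/'
// and '\' split segments, so any surviving ".." segment climbs out of the root.
func escapesOnWindows(p string) bool {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	for _, seg := range strings.FieldsFunc(p, isSep) {
		if seg == ".." {
			return true
		}
	}
	return false
}

func main() {
	// Constructed request paths: a normal one, the %5C form the advisory describes,
	// and a forward-slash traversal that path.Clean does handle.
	for _, raw := range []string{
		"/photos/cat.png",
		"/..%5C..%5CWindows%5Cwin.ini",
		"/photos/..%2F..%2Fetc%2Fpasswd",
	} {
		n, _ := naiveResolve(imgRoot, raw)
		h, err := hardenedResolve(imgRoot, raw)
		fmt.Printf("%-32s naive=%q escapesOnWindows=%v\n%-32s hardened=%q err=%v\n",
			raw, n, escapesOnWindows(n), "", h, err)
	}
}
```

The forward-slash case shows why the bug is Windows-only: path.Clean collapses "/photos/../../etc/passwd" to "/etc/passwd" under the root, while the backslash form passes through untouched. The hardened resolver rejects both outright; a confinement check on the final absolute path (after any symlink resolution) is the second line of defence this example does not include.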
Tenable Nessus (added 2026/06/09 12:00 a.m.)
Podman 4.8.0 < 5.8.2 PowerShell Command Injection (GHSA-hc8w-h2mf-hp59)
The version of Podman installed on the remote Windows host is prior to 5.8.2. It is, therefore, affected by a command injection vulnerability in the HyperV machine backend. - A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShe...
CVSS 7.8 | AI score 6 | EPSS 0.0051 | Exploits 0 | References 2

Positive Technologies (added 2026/05/15 12:00 a.m.)
PT-2026-41299
Vulnerable software and affected versions: Imager versions prior to 1.031. Description: Imager for Perl allows a heap out-of-bounds (OOB) write (a memory corruption where data is written outside the boundaries of an allocated heap buffer) when processing crafted multi-frame GIF files. The i...
CVSS 6.5 | AI score 5.9 | EPSS 0.00321 | Exploits 0 | References 7

SUSE CVE (added 2026/05/13 2:22 p.m.)
SUSE CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVSS 8.6 | AI score 5.8 | EPSS 0.00133 | Exploits 0 | References 3

OSV (added 2026/05/12 8:54 a.m.)
BIT-PILLOW-2026-42309: Pillow: Heap buffer overflow with nested list coordinates
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVSS 5.5 | AI score 5.8 | EPSS 0.00133 | Exploits 0 | References 3

CVE (added 2026/05/09 4:08 a.m.)
CVE-2026-42309
CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...
CVSS 5.5 | AI score 5.8 | EPSS 0.00133 | Exploits 0 | References 2 | Affected software 1

SUSE CVE (added 2026/05/08 2:22 a.m.)
SUSE CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.8 | AI score 6.1 | EPSS 0.0051 | Exploits 0 | References 2

RedHat Linux (added 2026/05/04 11:37 p.m.)
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache (/_next/image) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...
CVSS 7.5 | AI score 5.7 | EPSS 0.00683 | Exploits 0 | References 7

Snyk (added 2026/05/04 8:18 p.m.)
Heap-based Buffer Overflow (Pillow)
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line, all of which accept nested coordinates as input. An attacker can cause denial of service by supplying nested lists as coordinates,...
CVSS 8.6 | AI score 5.8 | EPSS 0.00133 | Exploits 0 | References 2

Positive Technologies (added 2026/05/04 12:00 a.m.)
PT-2026-37198
Vulnerable software and affected versions: Pillow versions 11.2.1 through 12.1.x. Description: Passing nested lists as coordinates to APIs that accept coordinates, such as 'ImagePath.Path', 'ImageDraw.ImageDraw.polygon', and 'ImageDraw.ImageDraw.line', can cause a heap buffer overflow...
CVSS 9.8 | AI score 6.5 | EPSS 0.00222 | Exploits 1 | References 51

Packet Storm (added 2026/04/27 12:00 a.m.)
node-tesseract-ocr 2.2.1 Command Injection
In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ...
CVSS 9.8 | AI score 5.4 | EPSS 0.01706 | Exploits 3

RedhatCVE (added 2026/04/15 6:11 p.m.)
CVE-2026-33414
A flaw was found in Podman, a tool for managing containers. This vulnerability, located in the HyperV machine backend, allows for command injection. An attacker who can manipulate the virtual machine (VM) image path can inject and execute arbitrary PowerShell commands. This could lead to unauthoriz...
CVSS 8.8 | AI score 6.3 | EPSS 0.0051 | Exploits 0 | References 5

NVD (added 2026/04/14 11:16 p.m.)
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.8 | EPSS 0.0051 | Exploits 0 | References 2

OSV (added 2026/04/14 11:16 p.m.)
DEBIAN-CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.8 | AI score 6 | EPSS 0.0051 | Exploits 0 | References 1

UbuntuCve (added 2026/04/14 11:16 p.m.)
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.8 | AI score 6 | EPSS 0.0051 | Exploits 0 | References 3

Vulnrichment (added 2026/04/14 10:42 p.m.)
CVE-2026-33414: PowerShell Command Injection in Podman HyperV Machine
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.1 | AI score 6.1 | EPSS 0.0051 | Exploits 0 | References 2

AlpineLinux (added 2026/04/14 10:42 p.m.)
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.8 | AI score 6.1 | EPSS 0.0051 | Exploits 0

ATTACKERKB (added 2026/04/14 10:42 p.m.)
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVSS 7.1 | AI score 6.1 | EPSS 0.0051 | Exploits 0 | References 3 | Affected software 1

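The injection pattern the Podman CVE-2026-33414 entries above describe (a caller-controlled path spliced into a PowerShell double-quoted string), shown as an added Go example. This is not Podman's code and not the statement in pkg/machine/hyperv/stubber.go: the Get-Item -LiteralPath cmdlet and the sample image paths are assumptions standing in for whatever script the backend builds. Inside a PowerShell "..." literal, $name and $(expr) are expanded, a backtick escapes the next character and a bare " closes the literal, so a path carrying any of those decides what gets parsed as code. A single-quoted literal expands nothing; its only special character is ', written as ''.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errNulByte = errors.New("NUL byte in image path")

// vulnerableScript splices the path into a double-quoted PowerShell string, the
// pattern the advisory describes. Anything after a $ or a closing " is PowerShell
// code chosen by whoever controls the path.
func vulnerableScript(imagePath string) string {
	return fmt.Sprintf(`Get-Item -LiteralPath "%s"`, imagePath)
}

// psSingleQuote wraps s in a PowerShell single-quoted literal. Nothing is expanded
// inside '...'; an embedded ' is doubled, which is the only escape that form has.
func psSingleQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
}

// hardenedScript uses the single-quoted form and refuses NUL, which no Windows path
// can legitimately contain and which downstream APIs would truncate at.
func hardenedScript(imagePath string) (string, error) {
	if strings.ContainsRune(imagePath, 0) {
		return "", errNulByte
	}
	return fmt.Sprintf(`Get-Item -LiteralPath %s`, psSingleQuote(imagePath)), nil
}

// breaksDoubleQuotedLiteral reports whether s, placed inside "...", would be read as
// more than a plain string: $ starts expansion, ` escapes, " ends the literal.
func breaksDoubleQuotedLiteral(s string) bool {
	return strings.ContainsAny(s, "$`\"")
}

func main() {
	// Constructed paths: a benign one, one carrying a $(...) subexpression, and one
	// with an apostrophe to show the single-quote escaping.
	for _, p := range []string{
		`C:\vms\fedora-41.vhdx`,
		`C:\vms\$(whoami)\disk.vhdx`,
		`C:\it's\disk.vhdx`,
	} {
		h, err := hardenedScript(p)
		fmt.Printf("path:       %s\nvulnerable: %s  (breaks literal: %v)\nhardened:   %s  err=%v\n\n",
			p, vulnerableScript(p), breaksDoubleQuotedLiteral(p), h, err)
	}
}
```

Quoting only fixes the layer it is applied to: if the finished script is then handed to powershell.exe on a command line, the outer command-line parser re-tokenises it, so pass it on stdin or as -EncodedCommand rather than re-quoting it a second time, and prefer handing values to PowerShell as arguments or environment variables over string assembly wherever the cmdlet allows it.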