Lucene search
K

2262 matches found

Tenable Nessus
Tenable Nessus
added 2 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per- glyph images into a combined bitmap with Image.new1, xsize,...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
NVD
NVD
added 3 days ago7 views

CVE-2026-6382

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

9.1CVSS0.00902EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-6382

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-6382 Multiple elFinder Plugins - Authenticated OS Command Injection

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

0.00902EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-6382

The CVE affects multiple elFinder-based WordPress plugins: FileOrganizer (before 1.1.9), Advanced File Manager (before 5.4.12), File Manager Pro (before 2.1.1), and File Manager (before 8.0.4). The root cause is improper escaping of a parameter passed to a shell command during image operations, e...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-56361

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

7.1CVSS6AI score0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.28 views

CVE-2026-56363 ImageMagick - Division by Zero in Binomial Kernel Processing

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash...

4.8CVSS0.00111EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 10:3 a.m.7 views

ImageMagick: ImageMagick: Denial of Service via crafted DCM image with invalid dimensions

A flaw was found in ImageMagick. A missing check in the DCM Digital Imaging and Communications in Medicine decoder allows a remote attacker to provide a specially crafted image with invalid dimensions. This can lead to crashes in other operations, resulting in a denial of service DoS for the...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 9:12 a.m.2 views

SUSE-SU-2026:22378-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues Security issues: - CVE-2026-42050: Stack buffer overflow in XTileImage bsc1265048. - CVE-2026-42326: Information disclosure via malicious IPTC input file bsc1268092. - CVE-2026-45031: Denial of Service due to resource policy bypass in PSD...

9.1CVSS6.5AI score0.01849EPSS
Exploits4References65
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, the MSL interpreter would crash when processing an invalid element, causing it to use an image after it had been freed. Versions 7.1.2-15 and 6.9.13-40 include a...

5.3CVSS7.2AI score0.0045EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/23 10:46 p.m.8 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS6.6AI score0.01052EPSS
Exploits1References10
OSV
OSV
added 2026/06/23 3:41 p.m.4 views

SUSE-SU-2026:2599-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.2AI score0.01073EPSS
Exploits1References11
OSV
OSV
added 2026/06/23 1:25 p.m.2 views

SUSE-SU-2026:2580-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. -...

7.5CVSS6.1AI score0.01849EPSS
Exploits4References59
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Rails

There is a code injection vulnerability in Active Storage version 5.2.0 and later, which could allow an attacker to execute code through imageprocessing arguments...

9.8CVSS6.9AI score0.02742EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Blender

An integer overflow in the processing of loaded 2D images leads to a “write-what-where” vulnerability and an “out-of-bounds read” vulnerability. This allows attackers to leak sensitive information or execute code within the Blender process when a specially crafted image file is loaded. This flaw...

7.8CVSS7.2AI score0.0112EPSS
Exploits0References2
Redos
Redos
added 2026/06/18 12:0 a.m.7 views

ROS-20260618-73-0008

The vulnerability of the ReadXBMImage function in the console-based ImageMagick graphics editor is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

9.8CVSS5.9AI score0.00609EPSS
Exploits1
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 10:7 a.m.5 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 10:7 a.m.23 views

CVE-2026-12491

CVE-2026-12491 affects the vLLM library used for LLM inference. The issue stems from improper handling of image metadata during image processing, specifically EXIF orientation and PNG transparency (tRNS). When converting images to RGB, transparency information may be discarded or remapped, causin...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 10:7 a.m.12 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.3AI score0.00239EPSS
Exploits0References3
Rows per page
Query Builder