230 matches found
PT-2026-41170
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3. Description: An application-wide Cross-Site Request Forgery (CSRF) issue exists in the image uploading functionality. An attacker can set an image URL to a malicious endpoint, causing any authenticated user who...
Astra Linux - vulnerability in sdl-image1.2
A code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating a buffer that is too small. This buffer can then be written beyond its boundaries, leading to ...
Incorrect Authorization
Overview: silverstripe/assets is an asset module (required component of SilverStripe Framework). Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
CVE-2026-24749
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been...
Server-side Request Forgery (SSRF)
Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the inferSize option that fetches remote images at render time to determine their dimensions. An...
Adobe DNG SDK Missing Validation Out-Of-Bounds Read
An out-of-bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes (fSrcPlanes = 2). The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...
The present and potential future of progressive image rendering
Progressive image formats allow the decoder to create a partial rendering when only part of the image resource is available. Sometimes it's part of the image, and sometimes it's a low quality/resolution version of the image. I've been digging into it recently, and I think there are some common...
EUVD-2018-15625
Malware in sbrugna...
EUVD-2017-16761
Malware in sbrugna...
EUVD-2019-14664
Malware in sbrugna...
EUVD-2019-19159
Malware in sbrugna...
EUVD-2019-14666
Malware in sbrugna...
EUVD-2017-5944
Malware in sbrugna...
EUVD-2017-11963
Malware in sbrugna...
EUVD-2018-7987
Malware in sbrugna...
EUVD-2017-11959
Malware in sbrugna...
EUVD-2017-5945
Malware in sbrugna...
EUVD-2017-11955
Malware in sbrugna...
EUVD-2025-5329
Malicious code in bioql PyPI...