macOS 26.x < 26.5 Multiple Vulnerabilities (127115)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.5. It is, therefore, affected by multiple vulnerabilities: - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitializ...

📄 Craft CMS 5.0 Logic Flaw

A flaw in the Craft CMS image transform endpoint allows an unauthenticated attacker to trigger backend processing without prior authentication. While the original Metasploit module targeted remote code execution, this proof of concept does not execute code, does not write files, and does not inje...

📄 Craft CMS Image Transform Pre-Authenticaton Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 3.x, 4.x, and 5.x prior to 5.6.17 via the image transform endpoint. It injects a PHP Meterpreter payload into the Craft session, then triggers its execution by abusing the Yii behavior...

CVE-2021-44342

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function okpngtransformscanline in "/okpng.c:494"...

Oracle Java AWT Image Transform Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Java AWT Image...