371 matches found

NVD
added 2026/06/12 3:16 p.m. | 10 views

CVE-2026-44205

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

CVSS 6.9 | EPSS 0.00258 | Exploits 0 | References 1

Snyk
added 2026/06/10 11:10 p.m. | 5 views

Infinite loop

Overview: Magick.NET-Q8-x64 is a Magick.NET package. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...

CVSS 6.5 | AI score 5.4 | EPSS 0.00092 | Exploits 0 | References 2

Snyk
added 2026/06/10 11:10 p.m. | 6 views

Infinite loop

Overview: Magick.NET-Q16-x64 is a Magick.NET package. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...

CVSS 6.5 | AI score 5.4 | EPSS 0.00092 | Exploits 0 | References 2

CNNVD
added 2026/06/09 12:0 a.m. | 9 views

Apache Answer Code Issue Vulnerability

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. The server did not properly verify the...

CVSS 6.5 | AI score 5.6 | EPSS 0.00403 | Exploits 0 | References 2

Snyk
added 2026/06/03 9:15 p.m. | 7 views

External Control of File Name or Path

Overview: docling-core is a Python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

CVSS 8.1 | AI score 5.5 | EPSS 0.0004 | Exploits 0 | References 2

IBM Security Bulletins
added 2026/05/27 3:1 p.m. | 10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-25990

Summary: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-25990. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging...

CVSS 8.6 | AI score 6.7 | EPSS 0.0037 | Exploits 1 | Affected Software 1

RedHat Linux
added 2026/05/26 8:52 a.m. | 16 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 | AI score 7.5 | EPSS 0.00477 | Exploits 0 | References 6

Positive Technologies
added 2026/05/17 12:0 a.m. | 11 views

PT-2026-41803

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A crafted MSL image can trigger a heap-use-after-free, which occurs when an application continues to use a pointer after the memory it points to has been freed...

CVSS 7.5 | AI score 5.7 | EPSS 0.01255 | Exploits 2 | References 111

AlmaLinux
added 2026/05/14 12:0 a.m. | 11 views

Important: gimp:2.8 security update

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:Memo...

CVSS 7.8 | AI score 7.4 | EPSS 0.00647 | Exploits 1 | References 10

NVD
added 2026/04/21 8:16 p.m. | 11 views

CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVSS 7.5 | EPSS 0.0032 | Exploits 0 | References 4

RedhatCVE
added 2026/04/07 11:1 p.m. | 3 views

CVE-2026-35183

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

CVSS 7.1 | AI score 5.9 | EPSS 0.00201 | Exploits 1 | References 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 8 views

PT-2026-30715

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

CVSS 7.1 | AI score 5.9 | EPSS 0.00201 | Exploits 1 | References 2

Tenable Nessus
added 2026/04/05 12:0 a.m. | 5 views

openSUSE 16 Security Update : python-Pillow (openSUSE-SU-2026:20458-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20458-1 advisory. - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. bsc1258125 Tenable has extracted the preceding description...

CVSS 8.6 | AI score 6.8 | EPSS 0.0037 | Exploits 1 | References 3

Snyk
added 2026/03/31 11:53 p.m. | 1 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw, Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the uploadimage process in the Feishu extension. An attacker can access arbitrary files outside the intended file-system sandbox by submitting crafted upload...

CVSS 6.5 | AI score 6 | EPSS 0.00339 | Exploits 0 | References 3

vulnersOsv
added 2026/03/31 11:25 p.m. | 4 views

@aneoconsultingfr/armonik-docs-theme (>=0.6.0 <=0.6.15), @avion-block/usebootstrap (>=4.0.0 <=4.0.3) +83 more potentially affected by CVE-2026-34404 via nuxt-og-image (>=0.4.7 <=5.1.9)

nuxt-og-image NPM version =0.4.7, =0.6.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0-29145064.1c5c263, =1.6.0, =21.0.0-beta.12 and more Source cves: CVE-2026-34404 Source advisory: OSV:GHSA-C7XP-Q6Q8-HG76...

CVSS 7.5 | AI score 5.4 | EPSS 0.00324 | Exploits 0

NVD
added 2026/03/31 8:15 a.m. | 5 views

CVE-2026-5186

A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and...

CVSS 5.3 | EPSS 0.00113 | Exploits 0 | References 3

vulnersOsv
added 2026/03/25 3:31 p.m. | 4 views

@edropin/canvas (>=1.1.0 <=2.0.0), @launchtray/hatch-test-pdf (>=0.11.2 <=0.23.0-alpha.17) +15 more potentially affected by CVE-2026-26830 via pdf-image (>=1.1.0 <=2.0.0)

pdf-image NPM version =1.1.0, =1.1.0, =0.11.2, =0.2.0, =0.0.2, =0.13.0-beta.1, =0.0.2, =0.0.12, =0.19.5, =0.0.2, =0.1.1, =0.3.0, =0.1.1, =1.0.0, =1.0.0, =1.0.5 and more Source cves: CVE-2026-26830 Source advisory: OSV:GHSA-Q5MH-72XG-628W...

CVSS 9.8 | AI score 5.8 | EPSS 0.02493 | Exploits 4

CVE
added 2026/03/21 12:46 p.m. | 7 views

CVE-2019-25556

CVE-2019-25556 concerns TwistedBrush Pro Studio 24.06. A denial-of-service vulnerability exists in the Resize Image function: supplying a maliciously long string in the New Width or New Height fields can trigger a buffer overflow and crash the application. The attack is local (no user interaction...

CVSS 6.9 | AI score 6.1 | EPSS 0.00188 | Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/03/21 12:46 p.m. | 27 views

CVE-2019-25556 TwistedBrush Pro Studio 24.06 Resize Image Denial of Service

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

CVSS 6.9 | EPSS 0.00188 | Exploits 1 | References 3

Tenable Nessus
added 2026/03/16 12:0 a.m. | 5 views

EulerOS Virtualization 2.12.1 : libpng (EulerOS-SA-2026-1437)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image...

CVSS 7.8 | AI score 6 | EPSS 0.00294 | Exploits 7 | References 8