Lucene search
+L

340 matches found

BDU FSTEC
BDU FSTEC
added 2025/02/07 12:0 a.m.6 views

The vulnerability of the command-line image editing tool Sips in macOS operating systems allows a hacker to trigger a service failure.

The vulnerability of the command-line image editing tool Sips in macOS operating systems is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

10CVSS5.4AI score0.00275EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2025-39344

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description An integer overflow exists in the WBMP file parsing functionality of GIMP. This issue could allow for remote code execution. Recommendations At the moment, there is no information about a newer...

7.8CVSS8AI score0.02751EPSS
Exploits0References49
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-39342

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified gegl affected versions not specified Description A heap-based buffer overflow exists in the handling of HDR files within GIMP, potentially allowing for remote code execution. The issue resides in the gegl...

7.8CVSS8.4AI score0.02751EPSS
Exploits0References79
RedHat Linux
RedHat Linux
added 2024/12/02 11:39 a.m.3 views

gimp: PSD buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.61427EPSS
Exploits0References6
Veracode
Veracode
added 2024/09/26 4:40 p.m.9 views

Cross-site Scripting (XSS)

Concrete CMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation in the Image Editor's background color feature, allowing a rogue admin to inject malicious code into the Thumbnails/Add-Type function...

5.1CVSS6.4AI score0.00503EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/09/25 3:30 a.m.11 views

GHSA-Q7QR-22QW-PQGX Cross site scripting in Concrete CMS

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type...

5.1CVSS4.8AI score0.00503EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/09/25 3:30 a.m.22 views

Cross site scripting in Concrete CMS

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type...

5.1CVSS6.1AI score0.00503EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/09/25 1:15 a.m.32 views

CVE-2024-8291

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...

5.1CVSS0.00503EPSS
Exploits0References4
Snyk
Snyk
added 2024/09/24 9:40 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the Thumbnails/Add-Type interface in "Image Editor Background Color". An attacker with administrator privileges could add malicious code to the interface by adding a specially crafted background color value...

5.1CVSS7.6AI score0.00503EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/24 9:17 p.m.15 views

CVE-2024-8291 Concrete CMS Stored XSS in Image Editor Background Color

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...

5.1CVSS5AI score0.00503EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/24 9:17 p.m.31 views

CVE-2024-8291 Concrete CMS Stored XSS in Image Editor Background Color

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...

5.1CVSS0.00503EPSS
Exploits0References4
CVE
CVE
added 2024/09/24 9:17 p.m.73 views

CVE-2024-8291

Concrete CMS stores stored XSS in the Image Editor background color feature (Thumbnails/Add-Type). Affected versions are 9.0.0–9.3.3 and below 8.5.19. The root cause is input that can inject malicious code via the Background Color field, exploitable by a rogue admin (privileges HIGH, UI not requi...

5.1CVSS5AI score0.00503EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.8 views

PT-2024-38919 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.3.3 Concrete CMS versions below 8.5.19 Description: The issue concerns Stored XSS in the Image Editor Background Color, where a rogue admin could add malicious code to the Thumbnails/Add-Type. This could...

5.1CVSS6.1AI score0.00503EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2024/02/19 2:47 p.m.2 views

gimp: psp off-by-one RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.56404EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/07 1:34 p.m.3 views

gimp: PSD buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.61427EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/06 10:18 a.m.10 views

gimp: PSD buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.61427EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/06 10:18 a.m.3 views

gimp: dds buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious DDS file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.27307EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/05 11:33 a.m.3 views

gimp: PSD buffer overflow RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...

7.8CVSS6AI score0.61427EPSS
Exploits0References6
OSV
OSV
added 2023/12/08 11:6 a.m.1 views

OESA-2023-1892 gimp security update

GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticat...

7.8CVSS7.2AI score0.61427EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.4 views

minipaint Security Vulnerabilities

minipaint is an online image editor. A security vulnerability exists in minipaint prior to version 4.14.0, which stems from a reflected cross-site scripting vulnerability...

8.6CVSS6.1AI score0.00533EPSS
Exploits1References2
Rows per page
Query Builder