340 matches found
The vulnerability of the command-line image editing tool Sips in macOS operating systems allows a hacker to trigger a service failure.
The vulnerability of the command-line image editing tool Sips in macOS operating systems is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
PT-2025-39344
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description An integer overflow exists in the WBMP file parsing functionality of GIMP. This issue could allow for remote code execution. Recommendations At the moment, there is no information about a newer...
PT-2025-39342
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified gegl affected versions not specified Description A heap-based buffer overflow exists in the handling of HDR files within GIMP, potentially allowing for remote code execution. The issue resides in the gegl...
gimp: PSD buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation in the Image Editor's background color feature, allowing a rogue admin to inject malicious code into the Thumbnails/Add-Type function...
GHSA-Q7QR-22QW-PQGX Cross site scripting in Concrete CMS
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type...
Cross site scripting in Concrete CMS
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type...
CVE-2024-8291
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the Thumbnails/Add-Type interface in "Image Editor Background Color". An attacker with administrator privileges could add malicious code to the interface by adding a specially crafted background color value...
CVE-2024-8291 Concrete CMS Stored XSS in Image Editor Background Color
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...
CVE-2024-8291 Concrete CMS Stored XSS in Image Editor Background Color
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector...
CVE-2024-8291
Concrete CMS stores stored XSS in the Image Editor background color feature (Thumbnails/Add-Type). Affected versions are 9.0.0–9.3.3 and below 8.5.19. The root cause is input that can inject malicious code via the Background Color field, exploitable by a rogue admin (privileges HIGH, UI not requi...
PT-2024-38919 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.3.3 Concrete CMS versions below 8.5.19 Description: The issue concerns Stored XSS in the Image Editor Background Color, where a rogue admin could add malicious code to the Thumbnails/Add-Type. This could...
gimp: psp off-by-one RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process...
gimp: PSD buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...
gimp: PSD buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...
gimp: dds buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious DDS file, possibly enabling the execution of unauthorized code within the GIMP process...
gimp: PSD buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...
OESA-2023-1892 gimp security update
GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticat...
minipaint Security Vulnerabilities
minipaint is an online image editor. A security vulnerability exists in minipaint prior to version 4.14.0, which stems from a reflected cross-site scripting vulnerability...