Lucene search
K

50339 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
CVE
CVE
added 5 days ago8 views

CVE-2026-58654

The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 suffers an unrestricted file upload in /api/v1/users/user/avatar: it validates only the client-declared MIME type and allows arbitrary content to be stored under user/accounts/avatars/ with predictable filenames. Although direct HTTP access is b...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References2
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-56374

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure...

7.1CVSS6.2AI score0.00157EPSS
Exploits0
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-56362

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

4.2CVSS6AI score0.00188EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-56362 ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

3.3CVSS0.00188EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-56362

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

4.2CVSS6.1AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-56298

Capgo CVE-2026-56298 affects Capgo prior to 12.128.2, where the app information image upload endpoint does not strip EXIF metadata, exposing geolocation and embedded metadata. Root cause: failure to strip EXIF during upload. Impact: potential leakage of geographic location data. Remediation: upgr...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42256

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
Patchstack
Patchstack
added 5 days ago4 views

WordPress Instant Image Generator plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by ParkHyunWoo in WordPress Plugin Instant Image Generator versions = 2.1.4...

6.4CVSS6.1AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

0.00394EPSS
Exploits0References2
OSV
OSV
added 5 days ago6 views

BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4
OSV
OSV
added 5 days ago7 views

BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS5.9AI score0.00364EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 5 days ago14 views

Important: Red Hat Security Advisory: Red Hat Directory Server 13.2 container image update

An updated Red Hat Directory Server 13.2 container image for RHEL 10 is now available in the Red Hat container registry, including bug fixes and security patches. Red Hat Directory Server is an LDAPv3-compliant directory server. The image is maintained by Red Hat and updated regularly. To pull th...

8.8CVSS5.9AI score0.0067EPSS
Exploits0References5
NVD
NVD
added 5 days ago11 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 5 days ago27 views

CVE-2026-57253 Foxit PDF Editor/Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42201

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-57253

Technical details beyond the high-level description are not publicly available in the provided documents. Monitor for updates from Foxit security bulletins.

6.1CVSS6.1AI score0.00107EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56547

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.1 Description An attacker can craft a PDF file with a page content stream containing an unterminated inline image. This leads to an infinite loop during the detection of the inline image end marker, which can occur...

8.7CVSS6AI score0.00345EPSS
Exploits0References11
Rows per page
Query Builder