8 matches found

SUSE CVE
added 2026/02/04 12:41 a.m. | 2 views

SUSE CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults, which enables...

CVSS 9.2 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 3
Veracode
added 2022/03/03 4:16 a.m. | 58 views

Shell Command Injection

image_processing is vulnerable to shell command injection. The apply function in chainable.rb does not properly check unsanitized user input operational commands, allowing an attacker to inject and execute malicious shell commands...

CVSS 9.8 | AI score 3.7 | EPSS 0.00875
Exploits: 1 | References: 3 | Affected Software: 2
OSV
added 2022/03/01 10:22 p.m. | 24 views

GHSA-CXF7-QRC5-9446 Remote shell execution vulnerability in image_processing

Impact: When using the apply method from image_processing to apply a series of operations that are coming from unsanitized user input, this allows the attacker to execute shell commands: ImageProcessing::Vips.apply system: "echo EXECUTED" (output: EXECUTED). This method is called internally by Active Stora...

CVSS 9.8 | AI score 9.4 | EPSS 0.00875
Exploits: 1 | References: 6
CVE
added 2022/03/01 12:00 a.m. | 127 views

CVE-2022-24720

CVE-2022-24720 affects the image_processing Ruby gem (wrapper for libvips/ImageMagick/GraphicsMagick). A bug in the #apply method allows executing shell commands when operation sequences come from unsanitized user input. This chain affects Active Storage variants that rely on image_processing. Th...

CVSS 10 | AI score 9.4 | EPSS 0.00875
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2022/03/01 12:00 a.m. | 14 views

CVE-2022-24720 Improper Input Validation in image_processing

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

CVSS 9.8 | AI score 9.7 | EPSS 0.00875
Exploits: 1 | References: 3
NVD
added 2021/08/05 9:15 p.m. | 11 views

CVE-2021-22234

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server...

CVSS 9.6 | EPSS 0.00172
Exploits: 1 | References: 3
Fedora
added 2020/10/05 12:18 a.m. | 36 views

[SECURITY] Fedora 33 Update: rubygem-image_processing-1.11.0-1.fc33

High-level wrapper for processing images for the web with ImageMagick or libvips...

CVSS 6.5 | AI score 2.5 | EPSS 0.01184
Exploits: 1
OpenVAS
added 2020/10/05 12:00 a.m. | 25 views

Fedora: Security Advisory for rubygem-image_processing (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.1 | EPSS 0.01184
Exploits: 1 | References: 2