Lucene search
K

5963 matches found

Nuclei
Nuclei
added yesterday553 views

elFinder <= 2.1.47 - Command Injection

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. The vulnerability occurs when performing image operations on JPEG files, where the filename is passed to the exiftran utility without proper sanitization, allowing command injection. id: CVE-2019-9194 info: name:...

9.8CVSS7AI score0.96633EPSS
Exploits11References5
NVD
NVD
added 4 days ago7 views

CVE-2026-55687

ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an inde...

7.5CVSS0.00385EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42939

ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an inde...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References7
CVE
CVE
added 4 days ago12 views

CVE-2026-55687

CVE-2026-55687 describes a stack-based out-of-bounds write in the Espressif ESF-IDF JPEG decoder marker parsing (jpeg_parse_dqt_marker). The attack uses the attacker-controlled DQT marker Tq nibble as an index into the qt_tbl array without validating it is within 0..3, enabling malformed JPEG inp...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56366 ImageMagick - Memory Leak in META Reader APP1JPEG Error Path

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

4.8CVSS0.00103EPSS
Exploits0References2
Rockylinux
Rockylinux
added 4 days ago6 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

8.8CVSS6.2AI score0.0053EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibRaw vulnerabilities (USN-8522-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8522-1 advisory. It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cau...

9.8CVSS6.6AI score0.00746EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 6 days ago4 views

gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS6AI score0.00301EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago3 views

gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS6AI score0.00301EPSS
Exploits0References5
Fedora
Fedora
added 6 days ago19 views

[SECURITY] Fedora 43 Update: python-pillow-jxl-plugin-1.3.7-2.fc43

Pillow plugin for JPEG-XL, using Rust for bindings...

5.9AI score
Exploits0
Fedora
Fedora
added 6 days ago15 views

[SECURITY] Fedora 44 Update: python-pillow-jxl-plugin-1.3.7-2.fc44

Pillow plugin for JPEG-XL, using Rust for bindings...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/07/06 8:9 p.m.7 views

CVE-2026-21368 Out-of-bounds Write in Camera Driver

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.5 views

CVE-2026-21368

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:9 p.m.11 views

CVE-2026-21368

CVE-2026-21368 describes an out-of-bounds write in a camera driver when parsing JPEG commands, caused by unaccounted extra writes to the buffer during validation. The CVSS vector indicates local access, high complexity, and low privileges required, with a Overall impact of low confidentiality, in...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 12:4 p.m.34 views

CVE-2026-13708 Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...

0.00375EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 12:4 p.m.6 views

CVE-2026-13708

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...

7.5CVSS6.1AI score0.00375EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/06 12:4 p.m.6 views

CVE-2026-13708

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...

7.5CVSS6.1AI score0.00375EPSS
Exploits0
EUVD
EUVD
added 2026/07/06 12:4 p.m.5 views

EUVD-2026-41873

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...

7.5CVSS6.1AI score0.00375EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

MiracleLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (AXSA:2026-1181:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1181:01 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buff...

8.8CVSS7.4AI score0.00867EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55932

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i readjpeg wiol. i readjpeg wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptc itext = mymalloc... and overwrites the previous...

7.5CVSS6.1AI score0.00375EPSS
Exploits0References5
Rows per page
Query Builder