CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

php-heic-to-jpg = 1.0.5 is vulnerable to code injection fixed in 1.0.6. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...

9.8CVSS7.6AI score0.00137EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:42 a.m.•4 views

CVE-2023-48356

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

4.4CVSS6.8AI score0.0001EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:42 a.m.•5 views

CVE-2023-48339

In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed...

4.4CVSS6.3AI score0.00012EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:41 a.m.•2 views

CVE-2023-48355

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

4.4CVSS6.8AI score0.0001EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:19 a.m.•3 views

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

8.8CVSS7.4AI score0.00091EPSS

Exploits1

RedhatCVE•added 2025/05/23 3:17 a.m.•1 views

CVE-2023-23135

An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file...

7.2CVSS7.9AI score0.0094EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:47 p.m.•4 views

CVE-2022-2984

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel...

5.5CVSS6.6AI score0.00016EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:54 p.m.•3 views

CVE-2021-37770

Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with...

7.2CVSS7.1AI score0.01073EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:21 p.m.•5 views

CVE-2021-44044

An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG 4 extraneous bytes before the marker 0xca can trigger a write operation past the end of an allocated...

7.8CVSS7.2AI score0.00367EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:29 p.m.•3 views

CVE-2020-21483

An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file...

7.2CVSS7.9AI score0.00993EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:23 p.m.•3 views

CVE-2020-29176

An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...

7.8CVSS7.8AI score0.00388EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:8 p.m.•4 views

CVE-2020-23890

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648...

5.5CVSS7.2AI score0.00193EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by