
40 matches found

RedhatCVE
added 2026/03/26 11:10 p.m. · 0 views

CVE-2026-3650

A flaw was found in the Grassroots DICOM library GDCM. This memory leak vulnerability occurs when the library processes maliciously crafted DICOM files containing non-standard value representation (VR) types in their file meta-information. A remote attacker can exploit this by providing such a file...

CVSS 8.7 · AI score 5.8 · EPSS 0.00073
Exploits: 0 · References: 6
Snyk
added 2026/03/26 9:10 p.m. · 0 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime during handling of DICOM files containing non-standard VR types in their file meta-information. An attacker can cause excessive memory consumption and resource exhaustion by supplying a...

CVSS 8.7 · AI score 5.8 · EPSS 0.00073
Exploits: 0 · References: 2
Debian CVE
added 2026/03/26 9:10 p.m. · 1 views

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

CVSS 8.7 · AI score 5.3 · EPSS 0.00073
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-27892

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 8.8 · EPSS 0.00297
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-25310

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.5 · EPSS 0.03653
Exploits: 1 · References: 2
RedhatCVE
added 2025/08/22 12:22 a.m. · 3 views

CVE-2025-51990

XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator can inject arbitrary JavaScript payloads into the HTTP...

CVSS 4.8 · AI score 6.1 · EPSS 0.00071
Exploits: 1 · References: 1
OSV
added 2025/08/20 3:15 p.m. · 4 views

CVE-2025-51990

XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator can inject arbitrary JavaScript payloads into the HTTP...

CVSS 4.8 · AI score 6.3 · EPSS 0.00071
Exploits: 1 · References: 1
CVE
added 2025/07/23 2:24 a.m. · 21 views

CVE-2025-7722

CVE-2025-7722 affects the Social Streams WordPress plugin (versions

CVSS 8.8 · AI score 6.9 · EPSS 0.00255
Exploits: 0 · References: 2
Cvelist
added 2025/07/23 2:24 a.m. · 6 views

CVE-2025-7722 Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the updateusermeta function. This makes it possible for...

CVSS 8.8 · EPSS 0.00255
Exploits: 0 · References: 2
Gentoo Linux
added 2024/07/24 12:0 a.m. · 24 views

ExifTool: Multiple vulnerabilities

Background: ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. Description: Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for...

CVSS 7.8 · AI score 7.3 · EPSS 0.92825
Exploits: 43
CNNVD
added 2024/04/06 12:0 a.m. · 1 views

WordPress Plugin BoldGrid Easy SEO Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 · AI score 8.3 · EPSS 0.00297
Exploits: 0 · References: 3
WPVulnDB
added 2024/04/05 12:0 a.m. · 16 views

BoldGrid Easy SEO – Simple and Effective SEO < 1.6.15 - Information Exposure

Description: The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description. This makes it possible for unauthenticated attackers to view the first 130 characters of a...

CVSS 5.3 · AI score 6.6 · EPSS 0.00297
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/02/20 11:15 a.m. · 0 views

CVE-2024-24793

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable...

CVSS 9.8 · AI score 7.3 · EPSS 0.00452
Exploits: 1 · References: 2
Prion
added 2024/02/20 11:15 a.m. · 13 views

Design/Logic Flaw

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable...

CVSS 5.1 · AI score 7.2 · EPSS 0.00452
Exploits: 1 · References: 1
Talos
added 2024/02/20 12:0 a.m. · 52 views

Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities

Talos Vulnerability Report TALOS-2024-1931: Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities. February 20, 2024. CVE Number: CVE-2024-24793, CVE-2024-24794. SUMMARY: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imagi...

CVSS 9.8 · AI score 8.3 · EPSS 0.00452
Exploits: 2
Positive Technologies
added 2024/01/18 12:0 a.m. · 2 views

PT-2024-1887 · Libdicom · Libdicom

Name of the Vulnerable Software and Affected Versions: libdicom version 1.0.5. Description: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing o...

CVSS 9.8 · AI score 9.4 · EPSS 0.00452
Exploits: 1 · References: 13
OSV
added 2023/03/30 6:16 p.m. · 19 views

CVE-2023-28646 App lockout in nextcloud Android app can be bypassed via thirdparty apps

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

CVSS 4.4 · AI score 4.3 · EPSS 0.00057
Exploits: 0 · References: 4
Cvelist
added 2023/03/30 6:16 p.m. · 17 views

CVE-2023-28646 App lockout in nextcloud Android app can be bypassed via thirdparty apps

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

CVSS 4.4 · AI score 4.7 · EPSS 0.00057
Exploits: 0 · References: 2
Prion
added 2023/01/19 3:15 p.m. · 17 views

Cross site request forgery (csrf)

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.8 · AI score 5.2 · EPSS 0.00078
Exploits: 2 · References: 2 · Affected Software: 1
Cvelist
added 2023/01/19 2:7 p.m. · 17 views

CVE-2023-0403 Social Warfare <= 4.3.1 - Cross-Site Request Forgery

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.4 · AI score 5.5 · EPSS 0.00078
Exploits: 2 · References: 2