11526 matches found
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value
An unrecognized magnify:method will result in an out of bounds read in the magnify operation. ==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30 READ of size 4 at 0x61a000000b30 thread T0...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the magnify when an unrecognized magnify:method value is provided. An attacker can cause a denial of service by triggering an out-of-bounds read during image processing. Remediation A fix was pushed into t...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
GHSA-8VFJ-Q2CP-5M5J ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value
An unrecognized magnify:method will result in an out of bounds read in the magnify operation. ==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30 READ of size 4 at 0x61a000000b30 thread T0...
CVE-2025-69627
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc. During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper...
CVE-2026-35598
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
EUVD-2025-209437
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...
SUSE-SU-2026:21194-1 Security update for plexus-utils
This update for plexus-utils fixes the following issue: - CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
CVE-2025-7389
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...
CVE-2025-7389
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...
CVE-2025-7389
CVE-2025-7389 describes a vulnerability in the OpenEdge AdminServer component where authenticated users could gain OS-level access and read arbitrary host files via misused methods exposed through the RMI interface, specifically the prototypes like setFile() and openFile() . The issue hinges on t...
JLSEC-2026-110 Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
Summary The Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false impression that variables listed in the option are impossible to read. PoC export...
Exploit for CVE-2026-22692
CVE-2026-22692: Critical Twig Sandbox Bypass via collect-ma...
PT-2026-32628
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...