37 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 11 views

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image file to have it processed by OpenEXR, resulting in a floating-point exception error. The greatest threat posed by this vulnerability is to system availabili...

7.1 CVSS · 6.8 AI score · 0.00912 EPSS
Exploits 0 · References 2
OSV
added 2026/02/09 7:33 p.m. · 5 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3 CVSS · 5.6 AI score · 0.00419 EPSS
Exploits 1 · References 5
Packet Storm
added 2026/01/28 12:00 a.m. · 129 views

Django Summernote 0.8.20.0 Unrestricted File Upload Scanner

This Metasploit Auxiliary Scanner module detects unrestricted file upload vulnerabilities in django-summernote. It targets misconfigurations where image validation depends on the Pillow library and allows non-image files to be uploaded when Pillow is missing. The module safely scans common upload...

5.9 AI score
Exploits 0
RedhatCVE
added 2025/05/23 2:09 a.m. · 4 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...

9.8 CVSS · 7 AI score · 0.00702 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/01/04 12:00 a.m. · 2 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient protection of sensitive data. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of sensitive data when attachments that are not images are added, due to the lack of authentication procedures. Exploiting this vulnerability can allow...

3.7 CVSS · 5.6 AI score · 0.00296 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/05/15 9:05 p.m. · 7 views

GHSA-MVF6-3F2G-XFXF endroid/qr-code-bundle File Disclosure via logo_path query parameter

Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logo_path query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...

6.8 AI score
Exploits 0 · References 4
Positive Technologies
added 2024/05/15 12:00 a.m. · 9 views

PT-2024-40382 · Unknown · Endroid/Qr-Code-Bundle

Name of the Vulnerable Software and Affected Versions: endroid/qr-code-bundle versions prior to 3.4.2 Description: The issue arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure through the logo path query parameter. Recommendations: For...

7.1 AI score
Exploits 0 · References 5
OSV
added 2024/04/01 12:15 a.m. · 12 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 3
NVD
added 2024/04/01 12:15 a.m. · 10 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...

9.8 CVSS · 6.6 AI score · 0.00702 EPSS
Exploits 0 · References 3
CNNVD
added 2024/03/31 12:00 a.m. · 3 views

Heimdall Security Vulnerability

Heimdall is an open source application panel and launcher from LinuxServer.io. A security vulnerability exists in LinuxServer.io Heimdall versions prior to 2.5.7 that stems from the application not preventing the use of icons containing non-image data...

9.8 CVSS · 6.7 AI score · 0.00702 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/03/31 12:00 a.m. · 7 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...

7 AI score · 0.00702 EPSS
Exploits 0 · References 3
CVE
added 2024/03/31 12:00 a.m. · 57 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 is affected. The issue arises in the Icon Handler which does not prevent icons containing non-image data (e.g., ""), allowing such data to be processed. This is documented across multiple sources (NVD/Red Hat/OSV) with CVSS 3.1 base metrics indicating high imp...

9.8 CVSS · 6.8 AI score · 0.00702 EPSS
Exploits 0 · References 3
Cvelist
added 2024/03/31 12:00 a.m. · 17 views

CVE-2023-51803

LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...

6.8 AI score · 0.00702 EPSS
Exploits 0 · References 3
CNNVD
added 2023/11/06 12:00 a.m. · 4 views

PKP Web Application Library Security Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A security vulnerability exists in the PKP Web Application Library PKP-WAL prior to version 3.3.0-16...

5.3 CVSS · 6.8 AI score · 0.00618 EPSS
Exploits 2 · References 3
OSV
added 2022/09/27 11:15 p.m. · 1 view

CVE-2022-37346

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...

9.8 CVSS · 5.9 AI score · 0.00956 EPSS
Exploits 0 · References 2
NVD
added 2022/03/04 6:15 p.m. · 13 views

CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...

7.1 CVSS · 0.00912 EPSS
Exploits 0 · References 4
OSV
added 2022/03/04 6:15 p.m. · 1 view

DEBIAN-CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...

5.5 CVSS · 6.5 AI score · 0.00912 EPSS
Exploits 0 · References 1
OSV
added 2022/03/04 6:15 p.m. · 31 views

CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...

5.5 CVSS · 6.2 AI score
Exploits 0 · References 4
Prion
added 2022/03/04 6:15 p.m. · 29 views

Design/Logic Flaw

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...

7.1 CVSS · 5.3 AI score · 0.00912 EPSS
Exploits 0 · References 4 · Affected Software 2
OSV
added 2022/03/04 6:15 p.m. · 1 view

UBUNTU-CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...

5.5 CVSS · 6.7 AI score · 0.00912 EPSS
Exploits 0 · References 3