
93 matches found

NVD
added yesterday, 5 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

CVSS: 3.6, EPSS: 0.00009
Exploits: 0, References: 8

ATTACKERKB
added yesterday, 3 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

CVSS: 3.6, AI score: 4.9, EPSS: 0.00009
Exploits: 0, References: 8, Affected Software: 1

RedhatCVE
added 3 days ago, 6 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00132
Exploits: 0, References: 1

NVD
added 2026/05/05 4:16 p.m., 4 views

CVE-2026-7845

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

CVSS: 2.6, EPSS: 0.00014
Exploits: 0, References: 6

Vulnrichment
added 2026/05/05 3:45 p.m., 3 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

CVSS: 2.6, AI score: 5.1, EPSS: 0.00014
Exploits: 0, References: 6

Cvelist
added 2026/05/05 3:45 p.m., 34 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

CVSS: 2.6, EPSS: 0.00014
Exploits: 0, References: 6

Positive Technologies
added 2026/05/05 12:00 a.m., 6 views

PT-2026-37082

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste...

CVSS: 2.6, AI score: 5.1, EPSS: 0.00014
Exploits: 0, References: 7

OSV
added 2026/03/11 10:16 p.m., 1 view

CVE-2026-3961

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

CVSS: 6.3, AI score: 5.4, EPSS: 0.00082
Exploits: 0, References: 12

CVE
added 2026/03/11 10:02 p.m., 13 views

CVE-2026-3961

CVE-2026-3961 affects the zyddnys manga-image-translator project up to beta-0.3. The vulnerability lies in the function to_pil_image in manga-image-translator-main/server/request_extraction.py of the Translate Endpoints, where input handling allows server-side request forgery. The issue enables r...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00082
Exploits: 0, References: 12

Cvelist
added 2026/02/02 9:09 p.m., 26 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

CVSS: 9.8, EPSS: 0.00102
Exploits: 0, References: 4

Github Security Blog
added 2026/02/02 5:43 p.m., 12 views

vLLM has RCE In Video Processing

Summary: A chain of vulnerabilities in vLLM allow Remote Code Execution (RCE): 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00102
Exploits: 0, References: 6, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-0040

Malware in sbrugna...

CVSS: 5, AI score: 6.7, EPSS: 0.01389
Exploits: 0, References: 15

CVE
added 2025/09/24 3:33 p.m., 10 views

CVE-2025-27032

The CVE-2025-27032 vulnerability describes a memory corruption issue in Qualcomm closed-source components when loading a PIL-authenticated VM image without cache coherency. The flaw affects the handling of PIL VM images at load time, with the root cause identified as cache coherency problems that...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00017
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-13157 Malicious code in @zalastax/nolb-pil (npm)

The package @zalastax/nolb-pil was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in @zalastax/nolb-pil (npm)

The package @zalastax/nolb-pil was found to contain malicious code...

AI score: 7
Exploits: 0

OpenVAS
added 2024/07/01 12:00 a.m., 16 views

Debian: Security Advisory (DSA-5704-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.1, AI score: 7.4, EPSS: 0.00754
Exploits: 0, References: 2

OSV
added 2024/06/25 1:38 p.m., 6 views

MAL-2024-5473 Malicious code in pilloa (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/29 12:00 a.m., 16 views

Ubuntu 24.04 LTS. : Pillow vulnerability (USN-6744-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6744-3 advisory. USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding description...

CVSS: 6.7, AI score: 6.2, EPSS: 0.00354
Exploits: 0, References: 2

OpenVAS
added 2024/04/11 12:00 a.m., 11 views

Debian: Security Advisory (DLA-3786-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.7, AI score: 6.7, EPSS: 0.00354
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/11 12:00 a.m., 23 views

Debian dla-3786 : python-pil - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3786 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3786-1 [email protected] https://www.debian.org/lts/security/...

CVSS: 6.7, AI score: 6.5, EPSS: 0.00354
Exploits: 0, References: 4