145 matches found
CVE-2026-54394
The CVE-2026-54394 entry describes a path traversal vulnerability in MISP's OrganisationsController::getOrgLogo. The vulnerable code constructs paths to organisation logos using fields like id, name, and uuid without enforcing that the resolved path stays under APP/files/img/orgs/. An attacker ab...
Astra Linux – Vulnerability in openjpeg2
A heap-buffer overflow was discovered in the way openjpeg2 handles certain PNG format files. An attacker could exploit this flaw to cause an application to crash, or in some cases to execute arbitrary code with the permission of the user running such an application...
CVE-2021-27506
The ClamAV Engine version 0.103.1 and below component embedded in Storsmshield Network Security SNS is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libpng vulnerabilities (USN-8035-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8035-1 advisory. It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma...
CVE-2022-37374
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2026-22190
Summary of CVE-2026-22190 (Panda3D) Affected: Panda3D up to and including 1.10.16, specifically the egg-mkfont utility. Vulnerability: Uncontrolled format string in the -gp (glyph pattern) option. The option is passed directly as the format string to sprintf() with only one argument. If an attack...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : libpng vulnerabilities (USN-7924-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7924-1 advisory. It was discovered that libpng incorrectly handled memory when processing certain PNG file...
png -- Out-of-bounds read
https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f reports: Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency an...
Rogue WordPress Plugin Conceals Multi-Tiered Credit Card Skimmers in Fake PNG Files
The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious...
EUVD-2008-5877
Malware in sbrugna...
EUVD-2020-20315
Malware in sbrugna...
EUVD-2020-7617
Malware in sbrugna...
EUVD-2017-9351
Malware in sbrugna...
EUVD-2017-2944
Malware in sbrugna...
EUVD-2009-1927
Malware in sbrugna...
EUVD-2020-21757
Malware in sbrugna...
EUVD-2010-0236
Malware in sbrugna...
EUVD-2008-6188
Malware in sbrugna...
EUVD-2022-7148
Malicious code in bioql PyPI...
EUVD-2024-50345
Malicious code in bioql PyPI...