Lucene search
K

227 matches found

RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-56373

A flaw was found in ImageMagick. This use-after-free vulnerability CWE-416 exists within the PDB Program Database decoder. A remote attacker could exploit this by tricking a user into processing a specially crafted malicious PDB file. This could lead to a denial of service DoS due to application...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago5 views

jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS6AI score0.00695EPSS
Exploits0References10
NVD
NVD
added 2026/07/06 8:16 a.m.7 views

CVE-2026-6382

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

9.1CVSS0.00902EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the MNG decoder due to allocated memory for pixel data being left unchanged. An attacker can obtain sensitive information from uninitialized memory by submitting specially crafted image files. Remediatio...

6.9CVSS6AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 9:12 a.m.3 views

SUSE-SU-2026:22378-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues Security issues: - CVE-2026-42050: Stack buffer overflow in XTileImage bsc1265048. - CVE-2026-42326: Information disclosure via malicious IPTC input file bsc1268092. - CVE-2026-45031: Denial of Service due to resource policy bypass in PSD...

9.1CVSS6.5AI score0.01849EPSS
Exploits4References65
OSV
OSV
added 2026/06/23 1:25 p.m.2 views

SUSE-SU-2026:2580-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. -...

7.5CVSS6.1AI score0.01849EPSS
Exploits4References59
NVD
NVD
added 2026/06/16 10:16 a.m.14 views

CVE-2026-2381

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or orderkey verification when...

6.5CVSS0.00267EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.11 views

Infinite loop

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/28 6:22 a.m.32 views

USN-8328-1: OpenJDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/26 4:43 a.m.22 views

Important: Red Hat Security Advisory: compat-libtiff3 security update

An update for compat-libtiff3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

7.8CVSS6.2AI score0.00553EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 9:43 p.m.14 views

Division by zero

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:36 p.m.13 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/05/13 12:0 a.m.3 views

The vulnerability of the JAXP component of the Oracle Java SE software platform, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain unauthorized access to devices.

The vulnerability of the JAXP component in the Oracle Java SE software platform and the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to...

7.8CVSS7.2AI score0.00702EPSS
Exploits0References3Affected Software3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Visual Studio Code 后置链接漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a postman link vulnerability. Attackers can exploit this vulnerability to bypass certain features...

6.3CVSS5.9AI score0.00599EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Node Typescript OCR 安全漏洞

Node Typescript OCR is a command-line PDF and image OCR processing tool developed by Nicolas Pearson. Version 1.0.15 of Node Typescript OCR contains a security vulnerability, which stems from the invokeImageOcr function in src/index.js, where OS command injection occurs...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 2:43 p.m.3 views

BIT-JAVA-2022-21299

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS6.5AI score0.03458EPSS
Exploits0References8
OSV
OSV
added 2026/05/06 2:41 p.m.3 views

BIT-JAVA-2020-14621

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

5.3CVSS6.6AI score0.0435EPSS
Exploits0References18
Rows per page
Query Builder