19 matches found

Amazon
added 4 days ago · 6 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

CVSS 9.9 · AI score 6 · EPSS 0.00478
Exploits 0
Snyk
added 2026/06/19 7:35 p.m. · 7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

CVSS 9.4 · AI score 6.2 · EPSS 0.00229
Exploits 0 · References 2
NVD
added 2026/06/09 9:16 a.m. · 12 views

CVE-2026-34031

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

CVSS 6.5 · EPSS 0.00403
Exploits 0 · References 2
Positive Technologies
added 2026/06/09 12:00 a.m. · 18 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

CVSS 6.5 · AI score 5.5 · EPSS 0.00403
Exploits 0 · References 6
NVD
added 2026/02/10 10:17 p.m. · 8 views

CVE-2026-26013

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...

CVSS 3.7 · EPSS 0.00379
Exploits 0 · References 3
Veracode
added 2026/02/06 7:49 a.m. · 7 views

Denial-of-Service (DoS)

jsPDF is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unvalidated image dimensions in the addImage and html methods, where attacker-controlled BMP images with excessively large width or height values trigger excessive memory allocation, leading to out-of-memory errors and...

CVSS 8.7 · AI score 5.5 · EPSS 0.00559
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/01/15 1:16 p.m. · 5 views

CVE-2026-22908

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality...

CVSS 9.1 · AI score 5.9 · EPSS 0.00541
Exploits 0 · References 6
NVD
added 2025/12/16 1:15 p.m. · 8 views

CVE-2025-14443

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

CVSS 6.4 · EPSS 0.00306
Exploits 0 · References 3
RedhatCVE
added 2025/12/16 12:14 p.m. · 4 views

CVE-2025-14443

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

CVSS 8.5 · AI score 5.8 · EPSS 0.00306
Exploits 0 · References 4
Snyk
added 2025/11/23 10:00 p.m. · 1 view

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the png_do_quantize function, which lacks validation of external image data. An attacker can create a PNG file containing out-of-range palette indices, leading to out-of-bounds memory access. Remediation Upgrade...

CVSS 6.9 · AI score 6.9 · EPSS 0.00184
Exploits 2 · References 2
Github Security Blog
added 2025/11/07 6:30 p.m. · 9 views

AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

CVSS 6.5 · AI score 6.9 · EPSS 0.00281
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2025/06/27 1:00 p.m. · 5 views

CVE-2025-53018 Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs

Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery SSRF vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...

CVSS 3 · AI score 7 · EPSS 0.00168
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 2:46 a.m. · 4 views

CVE-2023-0670

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...

CVSS 7.2 · AI score 7.6 · EPSS 0.01018
Exploits 0 · References 1
CNNVD
added 2024/01/08 12:00 a.m. · 6 views

WordPress Plugin Ni Purchase Order(PO) For WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 · AI score 7 · EPSS 0.00876
Exploits 2 · References 2
NVD
added 2023/04/05 7:15 p.m. · 17 views

CVE-2023-0670

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...

CVSS 7.2 · AI score 7.4 · EPSS 0.01018
Exploits 0 · References 1
Positive Technologies
added 2023/04/05 12:00 a.m. · 4 views

PT-2023-16441 · Ulearn · Ulearn

Name of the Vulnerable Software and Affected Versions: Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d Description: The issue allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the...

CVSS 7.2 · AI score 8.2 · EPSS 0.01018
Exploits 0 · References 4
CNNVD
added 2022/06/27 12:00 a.m. · 2 views

Library Management System code issue vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation. version 1.0 of Library Management System is vulnerable to file uploads due to a lack of validation of uploaded files in the parameter image in the file /card/index.php. The...

CVSS 8.8 · AI score 6.2 · EPSS 0.00934
Exploits 1 · References 3
Positive Technologies
added 2022/05/16 12:00 a.m. · 5 views

PT-2022-13819 · WordPress · Wpqa Builder Plugin

Name of the Vulnerable Software and Affected Versions: WPQA Builder Plugin versions prior to 5.2 Description: The issue allows any user with privileges as low as Subscriber to delete the profile pictures of other users due to a lack of validation for the image id parameter in the wpqa remove imag...

CVSS 4.3 · AI score 4.5 · EPSS 0.00618
Exploits 1 · References 3
OSV
added 2021/03/18 7:55 p.m. · 1 view

GHSA-F4W8-CV6P-X6R5 Pillow Denial of Service by Uncontrolled Resource Consumption

Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large...

CVSS 8.7 · AI score 6.9 · EPSS 0.0317
Exploits 0 · References 13