4 matches found
CVE-2026-45729
Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...
CVE-2023-0934
Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...
CVE-2024-46261
cutepng v1.05 was discovered to contain a heap buffer overflow via the cpmake32 function at cutepng.h...