Lucene search
K

10489 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

6.5CVSS0.00465EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.9 views

CVE-2026-57647

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57647

CVE-2026-57647 concerns the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin, affected in versions

7.5CVSS5.8AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.8 views

EUVD-2026-39762

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.33 views

CVE-2026-57647 WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

7.5CVSS0.00259EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:14 p.m.4 views

WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by endy in WordPress Plugin Panorama Viewer – 360 Degree Image + Video Viewer versions = 1.6.1...

7.5CVSS5.8AI score0.00259EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/26 8:42 a.m.5 views

BIT-GRAFANA-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.33 views

CVE-2026-30041

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...

0.00571EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.34 views

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

0.00465EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:0 a.m.14 views

CVE-2026-30041

CVE-2026-30041 affects FastStone Image Viewer v8.3 and earlier, due to an integer overflow in the PSD parser component caused by invalid height handling, which leads to a heap-based buffer overflow. Exploitation with a crafted PSD file could allow arbitrary code execution or cause a DoS. Public s...

7.5CVSS6.2AI score0.00571EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:0 a.m.14 views

CVE-2026-30040

CVE-2026-30040 is a heap overflow in the JP2 parser within FSViewer.exe of FastStone Image Viewer v8.3 that can allow arbitrary code execution in the current process when processing crafted JPEG 2000 files. The issue can be triggered during automatic directory enumeration (e.g., during thumbnail ...

6.5CVSS6.2AI score0.00465EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5286 Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer in code.gitea.io/gitea

Gitea: Stored XSS via glTF extensionsRequired in Gitea 3D File Viewer in code.gitea.io/gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References1
ICS
ICS
added 2026/06/25 6:0 a.m.20 views

OHIF Viewers DICOM

ADVISORY SUMMARY Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.3CVSS6AI score0.00232EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

AlmaLinux 8 : evince (ALSA-2026:28998)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...

8.4CVSS5.9AI score0.00529EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/24 1:9 p.m.7 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.4CVSS5.9AI score0.00529EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 12:3 p.m.6 views

RLSA-2026:27819 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

7.8CVSS5.9AI score0.00529EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52172

Name of the Vulnerable Software and Affected Versions WissKI versions 0.0.0 through 4.2.0 Description A missing authorization issue in the wisski mirador submodule allows forceful browsing and access bypass. The module fails to sufficiently validate parameters submitted via a route before writing...

6.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

RHEL 8 : evince (RHSA-2026:28998)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28998 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...

8.4CVSS6AI score0.00529EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:38 p.m.6 views

CVE-2026-46552

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...

5.8CVSS6AI score0.00296EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
Rows per page
Query Builder