778 matches found
CVE-2026-29055
CVE-2026-29055 affects Tandoor Recipes: in versions prior to 2.6.0, the image processing pipeline did not strip EXIF data, rescale, or validate sizes for WebP and GIF uploads, allowing sensitive EXIF metadata (GPS coordinates, camera model, timestamps, software) to be stored and served to all vie...
CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...
PT-2026-28384
Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description The application is designed for managing recipes, planning meals, and creating shopping lists. Prior to version 2.6.0, the image processing pipeline does not remove EXIF metadata, rescale...
OPENSUSE-RU-2026:20168-1 Recommended update for gimp
This update for gimp fixes the following issues: Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this...
WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WebP Conversion versions = 2.2...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-24530
CVE-2026-24530: Missing Authorization in the sheepfish WebP Conversion WordPress plugin (webp-conversion) affects versions up to 2.1. Root cause is incorrectly configured access control (missing authorization). CVSSv3.1 base score is 5.3 (Medium) with network access, low complexity, no privileges...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.1...
CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
PT-2026-4379
Name of the Vulnerable Software and Affected Versions sheepfish WebP Conversion versions through 2.1 Description An issue exists in sheepfish WebP Conversion related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation due to...
WordPress plugin WebP Conversion security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
MiracleLinux 7 : firefox-102.15.1-1.0.1.el7.AXS7 (AXSA:2023-6415:34)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6415:34 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 9 : firefox-102.15.1-1.el9.ML.1 (AXSA:2023-6450:36)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6450:36 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : libwebp-1.0.0-5.el8 (AXSA:2021-2754:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2754:03 advisory. libwebp: out-of-bounds read in WebPMuxCreateInternal CVE-2018-25009 libwebp: out-of-bounds read in ApplyFilter CVE-2018-25010 libwebp: out-of-bounds...
MiracleLinux 8 : exempi-2.4.5-4.el8 (AXSA:2024-8237:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8237:01 advisory. exempi: denial of service via opening of crafted audio file with ID3V2 frame CVE-2020-18651 exempi: denial of service via opening of crafted webp fi...
MiracleLinux 8 : thunderbird-102.15.1-1.el8.ML.1 (AXSA:2023-6445:26)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6445:26 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : firefox-102.15.1-1.el8.ML.1 (AXSA:2023-6441:35)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6441:35 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : exiv2-0.27.4-5.el8 (AXSA:2021-2752:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2752:04 advisory. exiv2: Heap-based buffer overflow in Jp2Image::readMetadata CVE-2021-3482 exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata...