Lucene search
K

778 matches found

CVE
CVE
added 2026/03/26 7:3 p.m.8 views

CVE-2026-29055

CVE-2026-29055 affects Tandoor Recipes: in versions prior to 2.6.0, the image processing pipeline did not strip EXIF data, rescale, or validate sizes for WebP and GIF uploads, allowing sensitive EXIF metadata (GPS coordinates, camera model, timestamps, software) to be stored and served to all vie...

5.3CVSS5.9AI score0.00306EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 7:3 p.m.20 views

CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...

5.3CVSS0.00306EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28384

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description The application is designed for managing recipes, planning meals, and creating shopping lists. Prior to version 2.6.0, the image processing pipeline does not remove EXIF metadata, rescale...

5.3CVSS5.9AI score0.00306EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 6:5 p.m.3 views

OPENSUSE-RU-2026:20168-1 Recommended update for gimp

This update for gimp fixes the following issues: Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this...

7.8CVSS7.3AI score0.00744EPSS
Exploits1References10
Patchstack
Patchstack
added 2026/01/26 4:12 a.m.6 views

WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WebP Conversion versions = 2.2...

5.3CVSS5.3AI score0.00372EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.5 views

CVE-2026-24530

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

5.3CVSS5.9AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.5 views

CVE-2026-24530

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

5.3CVSS0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.2 views

CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

5.3CVSS5.9AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:28 p.m.17 views

CVE-2026-24530

CVE-2026-24530: Missing Authorization in the sheepfish WebP Conversion WordPress plugin (webp-conversion) affects versions up to 2.1. Root cause is incorrectly configured access control (missing authorization). CVSSv3.1 base score is 5.3 (Medium) with network access, low complexity, no privileges...

5.3CVSS5.9AI score0.00372EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:28 p.m.4 views

CVE-2026-24530

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.1...

5.3CVSS5.9AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.34 views

CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

5.3CVSS0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.6 views

PT-2026-4379

Name of the Vulnerable Software and Affected Versions sheepfish WebP Conversion versions through 2.1 Description An issue exists in sheepfish WebP Conversion related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation due to...

5.3AI score0.00372EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.7 views

WordPress plugin WebP Conversion security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : firefox-102.15.1-1.0.1.el7.AXS7 (AXSA:2023-6415:34)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6415:34 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.8CVSS8AI score0.99735EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : firefox-102.15.1-1.el9.ML.1 (AXSA:2023-6450:36)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6450:36 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.8CVSS8AI score0.99735EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : libwebp-1.0.0-5.el8 (AXSA:2021-2754:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2754:03 advisory. libwebp: out-of-bounds read in WebPMuxCreateInternal CVE-2018-25009 libwebp: out-of-bounds read in ApplyFilter CVE-2018-25010 libwebp: out-of-bounds...

9.8CVSS5.6AI score0.02302EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : exempi-2.4.5-4.el8 (AXSA:2024-8237:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8237:01 advisory. exempi: denial of service via opening of crafted audio file with ID3V2 frame CVE-2020-18651 exempi: denial of service via opening of crafted webp fi...

6.5CVSS5.6AI score0.00998EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : thunderbird-102.15.1-1.el8.ML.1 (AXSA:2023-6445:26)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6445:26 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.8CVSS8AI score0.99735EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : firefox-102.15.1-1.el8.ML.1 (AXSA:2023-6441:35)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6441:35 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.8CVSS8AI score0.99735EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : exiv2-0.27.4-5.el8 (AXSA:2021-2752:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2752:04 advisory. exiv2: Heap-based buffer overflow in Jp2Image::readMetadata CVE-2021-3482 exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata...

7.8CVSS5.8AI score0.02555EPSS
Exploits3References13
Rows per page
Query Builder