Lucene search
K

683 matches found

RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-61857

A flaw was found in ImageMagick. This vulnerability allows a remote attacker to cause the application to crash. The issue stems from improper handling of XMP Extensible Metadata Platform profiles within image files. By crafting a malicious image with specially designed XMP data, an attacker can...

6.5CVSS6.1AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 7:0 p.m.4 views

CVE-2026-44990

A flaw was found in the sanitize-html library. Under its default configuration, an attacker can embed malicious content within a disallowed xmp element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting XSS. Successful...

9.3CVSS6.3AI score0.00397EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 1:25 p.m.2 views

SUSE-SU-2026:2580-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. -...

7.5CVSS6.1AI score0.01849EPSS
Exploits4References59
NVD
NVD
added 2026/06/12 9:16 p.m.21 views

CVE-2026-44990

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS0.00397EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 8:39 p.m.10 views

EUVD-2026-36566

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS5.2AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:39 p.m.38 views

CVE-2026-44990 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS0.00397EPSS
Exploits0References1
Mageia
Mageia
added 2026/06/10 5:7 a.m.19 views

Updated libxmp packages fix security vulnerabilities

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit CVE-2023-45680: Null pointer dereference in vorbisdeinit CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in startdecoder CVE-2023-45677: Heap buffer out of bounds...

7.8CVSS7AI score0.0056EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9CVSS5.3AI score0.00423EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 4:16 p.m.11 views

UBUNTU-CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 2:49 p.m.41 views

CVE-2026-48735 pypdf: Manipulated XMP metadata streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS0.0013EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 2:49 p.m.8 views

CVE-2026-48735 pypdf: Manipulated XMP metadata streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:49 p.m.12 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 2:49 p.m.11 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0
CVE
CVE
added 2026/05/28 2:49 p.m.43 views

CVE-2026-48735

The CVE affects the Python PDF library pypdf prior to version 6.12.1, where parsing large XMP metadata can cause excessive memory usage. Root cause is processing crafted or verbose XMP metadata that expands memory footprint. Impact stated: high impact on availability due to memory exhaustion; con...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exempi

XMP Toolkit SDK versions 2021.07 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass security measures such as ASLR. Exploiting this issue requires user interaction—that is, the...

5.5CVSS6.8AI score0.0217EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to local application denial of service in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

5.5CVSS6.5AI score0.03751EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in exempi

The XMP Toolkit 2021.07 and earlier versions is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could exploit this vulnerability to cause a denial-of-service attack for the current user. Exploiting this issue requires user...

7.1CVSS6.4AI score0.01824EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a null pointer dereference vulnerability that could lead to data leakage from certain memory locations and cause a local denial of service in the context of the current user. User interaction is required to exploit this...

6.1CVSS6.6AI score0.02278EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

9.3CVSS7.9AI score0.05399EPSS
Exploits0References2
Rows per page
Query Builder