Lucene search
K
GithubRecent

33254 matches found

Github Security Blog
Github Security Blog
added 2026/02/24 3:46 p.m.5 views

ImageMagick: Invalid MSL <map> can result in a use after free

The MSL interpreter crashes when processing a invalid element that causes it to use an image after it has been freed...

5.3CVSS5.3AI score0.0045EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:46 p.m.5 views

ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent`

A continue statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang Denial of Service with a crafted image...

7.5CVSS5.4AI score0.00327EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:46 p.m.5 views

ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile

A crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT...

7.5CVSS5.3AI score0.00327EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:45 p.m.8 views

ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

A crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:45 p.m.5 views

ImageMagick: MSL image stack index may fail to refresh, leading to leaked images

Sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. ==841485==ERROR: LeakSanitizer: detected memory leaks Direct leak of 13512 bytes in 1 objects allocated from: 0 0x7ff330759887 in interceptormalloc...

7.5CVSS5.4AI score0.00438EPSS
Exploits0References5Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:44 p.m.6 views

ImageMagick has a heap buffer over-read in its MAP image decoder

A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. ================================================================= ==4070926==ERROR: AddressSanitizer:...

9.1CVSS5.7AI score0.0037EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:44 p.m.6 views

ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder

A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer...

7.5CVSS5.4AI score0.00501EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:43 p.m.10 views

ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

A crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing...

9.8CVSS5.5AI score0.00435EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:43 p.m.9 views

Image Magick has a Memory Leak in coders/ashlar.c

Memory leak exists in coders/ashlar.c. The WriteASHLARImage allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. bash ==78968== Memcheck, a memory error detector ==78968== Copyright C 2002-2022, and GNU...

7.5CVSS5.4AI score0.0036EPSS
Exploits0References5Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:43 p.m.7 views

ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field

Summary A stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. ================================================================= ==3537074==ERROR: AddressSanitizer: stack-buffer-overflow on...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References5Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:42 p.m.6 views

ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

The shipped “secure” security policy includes a rule intended to prevent reading/writing from standard streams: xml However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. This path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of...

7.8CVSS5.4AI score0.00135EPSS
Exploits0References5Affected Software17
Github Security Blog
Github Security Blog
added 2026/02/24 3:40 p.m.19 views

ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy

ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized...

8.6CVSS5.5AI score0.00671EPSS
Exploits0References4Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:39 p.m.9 views

ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger ...

9.1CVSS5.8AI score0.00348EPSS
Exploits0References5Affected Software17
Github Security Blog
Github Security Blog
added 2026/02/24 3:38 p.m.6 views

ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write

An Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. ================================================================= ==1967675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf190b50...

9.8CVSS5.5AI score0.00302EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:37 p.m.5 views

ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash

A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. coders/yuv.c:210:47: runtime error: division by zero AddressSanitizer:DEADLYSIGNAL...

7.5CVSS5.5AI score0.00385EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:36 p.m.19 views

ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image

A NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in Denial of Service. AddressSanitizer:DEADLYSIGNAL =================================================================...

7.5CVSS5.5AI score0.00429EPSS
Exploits0References6Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:34 p.m.9 views

ImageMagick: Code Injection via PostScript header in ps coders

The ps encoders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer like Ghostscript, the...

5.7CVSS5.7AI score0.00161EPSS
Exploits0References5Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:33 p.m.7 views

ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths

Summary In ReadSTEGANOImage coders/stegano.c, the watermark Image object is not freed on three early-return paths, resulting in a definite memory leak 13.5KB+ per invocation that can be exploited for denial of service. Direct leak of 13512 bytes in 1 objects allocated from: 0 0x7f5c11e27887 in...

7.5CVSS5.4AI score0.00376EPSS
Exploits0References5Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:32 p.m.9 views

ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)

In ReadSFWImage coders/sfw.c, when temporary file creation fails, readinfo is destroyed before its filename member is accessed, causing a NULL pointer dereference and crash. AddressSanitizer:DEADLYSIGNAL ================================================================= ==1414421==ERROR:...

7.5CVSS5.3AI score0.00376EPSS
Exploits0References6Affected Software18
Github Security Blog
Github Security Blog
added 2026/02/24 3:31 p.m.19 views

ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions

WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of...

8.2CVSS5.6AI score0.0042EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.8 views

ImageMagick has memory leak in msl encoder

Memory leak exists in coders/msl.c. In the WriteMSLImage function of the msl.c file, resources are allocated. But the function returns early without releasing these allocated resources. ==78983== Memcheck, a memory error detector ==78983== Copyright C 2002-2022, and GNU GPL'd, by Julian Seward et...

5.3CVSS5.4AI score0.00325EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.9 views

Apache Superset Improper Authorization allows low-privileged users to bypass access controls

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

7.1CVSS5.8AI score0.00436EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.11 views

Apache Superset allows authenticated users to view sensitive data without explicit permissions

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

6.5CVSS5.6AI score0.004EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.11 views

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

7.1CVSS5.7AI score0.00348EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.7 views

Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

6.5CVSS5.9AI score0.00607EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.9 views

Apache Superset allows privileged users to conduct error-based SQL Injection

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

6.5CVSS5.7AI score0.00503EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.8 views

ImageMagick: Possible memory leak in ASHLAR encoder

A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. ==880062== Memcheck, a memory error detector ==880062== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...

5.3CVSS5.5AI score0.00384EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:29 p.m.8 views

ImageMagick: Out of bounds read in multiple coders read raw pixel data

A heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer...

5.5CVSS5.6AI score0.00181EPSS
Exploits0References5Affected Software16
Github Security Blog
Github Security Blog
added 2026/02/24 3:29 p.m.13 views

ImageMagick: Infinite loop vulnerability when parsing a PCD file

When a PCD file does not contain a valid marker, the DecodeImage function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service...

7.5CVSS5.3AI score0.00449EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:28 p.m.8 views

ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS

Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS...

5.3CVSS5.3AI score0.00401EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/02/24 3:27 p.m.111 views

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Description A heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the...

7.5CVSS5.3AI score0.00348EPSS
Exploits0References5Affected Software17
Github Security Blog
Github Security Blog
added 2026/02/24 12:31 p.m.10 views

Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

8.4CVSS6.7AI score0.01134EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/24 12:31 p.m.12 views

Apache Airflow exposes sensitive information in its log files

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

6.5CVSS5.3AI score0.00363EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 10:16 p.m.9 views

Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit

A Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s usage count, checks if it’s within limits, then updates the database in separate non-atomic operations. By...

6.9CVSS5.5AI score0.00176EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 10:16 p.m.22 views

Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

7CVSS6.2AI score0.00446EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 10:15 p.m.7 views

Craft CMS has Stored XSS in Table Field via "HTML" Column Type

A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...

5.9CVSS5.9AI score0.00217EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 10:13 p.m.5 views

yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option

Summary When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impact yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who us...

8.8CVSS5.7AI score0.01596EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 10:12 p.m.6 views

ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...

9.8CVSS6.3AI score0.00915EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 10:10 p.m.56 views

New API has Potential XSS in its MarkdownRenderer component

Summary A potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Details Line 212-231 of MarkdownRenderer.jsx is unsafe, it use dangerouslySetInnerHTML to preview html the model generates. This can...

7.6CVSS5.4AI score0.00222EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 9:56 p.m.10 views

New API has an SQL LIKE Wildcard Injection DoS via Token Search

Summary A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns. Details The token search endpoint accepts user-supplied keyword and token parameters that...

7.1CVSS6AI score0.00499EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 9:54 p.m.11 views

Astro has Full-Read SSRF in error rendering via Host: header injection

Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...

8.6CVSS5.6AI score0.01414EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 6:32 p.m.9 views

yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

7.4CVSS5.4AI score0.00169EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 9:31 a.m.10 views

Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1CVSS5.4AI score0.00398EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 9:31 a.m.11 views

Apache Camel Deserializes Untrusted Data in its LevelDB Component

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8CVSS6.3AI score0.00903EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 6:30 a.m.7 views

datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

7.2CVSS5AI score0.00686EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/23 6:30 a.m.10 views

datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...

7.5CVSS4.5AI score0.00821EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/22 3:30 a.m.7 views

funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

6.5CVSS5.1AI score0.00223EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/22 3:30 a.m.7 views

funadmin: XSS through Value argument in Backend Interface component

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...

4.8CVSS3.7AI score0.00202EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/22 12:31 a.m.7 views

funadmin has Incorrect Privilege Assignment in its Configuration Handler

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5CVSS5.2AI score0.00286EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/22 12:31 a.m.8 views

funadmin has Weak Password Recovery Mechanism for Forgotten Password

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

8.1CVSS4.6AI score0.00392EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities33254