CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-6384 – Gimp: gimp: arbitrary code execution or denial of service via buffer overflow in gif image processing
https://notcve.org/view.php?id=CVE-2026-6384
15 Apr 2026 — A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2026-6384 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-40919 – Gimp: gimp: denial of service via specially crafted seattle filmworks file
https://notcve.org/view.php?id=CVE-2026-40919
15 Apr 2026 — A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application. • https://access.redhat.com/security/cve/CVE-2026-40919 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-40918 – Gimp: gimp: denial of service via crafted pvr image file
https://notcve.org/view.php?id=CVE-2026-40918
15 Apr 2026 — A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected. • https://access.redhat.com/security/cve/CVE-2026-40918 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-40917 – Gimp: gimp: application crashes or information disclosure via crafted icns image files
https://notcve.org/view.php?id=CVE-2026-40917
15 Apr 2026 — A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process such files. • https://access.redhat.com/security/cve/CVE-2026-40917 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-40916 – Gimp: gimp: denial of service due to stack buffer overflow in tim image loader
https://notcve.org/view.php?id=CVE-2026-40916
15 Apr 2026 — A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array. • https://access.redhat.com/security/cve/CVE-2026-40916 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-40915 – Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader
https://notcve.org/view.php?id=CVE-2026-40915
15 Apr 2026 — A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2026-40915 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 1CVE-2026-5119 – Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
https://notcve.org/view.php?id=CVE-2026-5119
30 Mar 2026 — A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. Se encontró una vulnerabilidad en libsoup. Al establecer túneles HTTPS a través de un proxy HTTP configurado, las cookies de sesión sensibles se transmiten en texto claro dent... • https://access.redhat.com/security/cve/CVE-2026-5119 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2026-28369 – Undertow: undertow: request smuggling via malformed http request headers
https://notcve.org/view.php?id=CVE-2026-28369
27 Mar 2026 — A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure. • https://access.redhat.com/security/cve/CVE-2026-28369 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2026-28368 – Undertow: undertow: request smuggling via inconsistent header parsing
https://notcve.org/view.php?id=CVE-2026-28368
27 Mar 2026 — A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources. • https://access.redhat.com/security/cve/CVE-2026-28368 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-4647 – Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
https://notcve.org/view.php?id=CVE-2026-4647
23 Mar 2026 — A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks. Se encontró ... • https://access.redhat.com/security/cve/CVE-2026-4647 • CWE-125: Out-of-bounds Read •