Vulnerabilities
Vulnerable Software
Security Vulnerabilities
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.
CVSS Score
6.3
EPSS Score
0.003
Published
2026-07-11
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service.
CVSS Score
2.1
EPSS Score
0.001
Published
2026-07-11
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.
CVSS Score
4.8
EPSS Score
0.002
Published
2026-07-11
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.
CVSS Score
6.3
EPSS Score
0.002
Published
2026-07-11
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service.
CVSS Score
4.8
EPSS Score
0.002
Published
2026-07-11
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service.
CVSS Score
4.8
EPSS Score
0.001
Published
2026-07-11
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
CVSS Score
9.0
EPSS Score
0.003
Published
2026-07-11
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVSS Score
10.0
EPSS Score
0.003
Published
2026-07-11
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-07-10
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-07-10


Contact Us

Shodan ® - All rights reserved