Vulnerabilities
Vulnerable Software
Security Vulnerabilities
libexpat before 2.8.2 has an integer overflow in getAttributeId.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 has an integer overflow in storeAtts.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.
CVSS Score
6.3
EPSS Score
0.002
Published
2026-06-21
ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte.
CVSS Score
6.3
EPSS Score
0.002
Published
2026-06-21
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality.
CVSS Score
9.3
EPSS Score
0.004
Published
2026-06-21
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
CVSS Score
7.6
EPSS Score
0.003
Published
2026-06-21
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().
CVSS Score
7.6
EPSS Score
0.003
Published
2026-06-21
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.
CVSS Score
7.6
EPSS Score
0.004
Published
2026-06-21


Contact Us

Shodan ® - All rights reserved