Skip to main content
CVE-2019-25709 CRITICAL POC Act Now

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Cf Image Hosting Script
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-40393 CRITICAL PATCH Act Now

Out-of-bounds memory access in the WebGPU implementation of Mesa (fixed in 25.3.6 and 26.0.1) lets an attacker who can submit WebGPU workloads corrupt memory, because a to-be-allocated buffer size is taken from an untrusted party and passed to alloca, producing a stack-based out-of-bounds write (CWE-787). The CVSS 9.8 rating reflects total technical impact, but there is no public exploit identified at time of analysis and EPSS is very low at 0.04%, indicating a serious memory-corruption bug that is not yet being exploited. SUSE and Debian LTS have already shipped fixed packages.

Buffer Overflow Memory Corruption Mesa
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy