Sp1d3rL1

2 exploits Active since Oct 2024
CVE-2026-3707 WRITEUP MEDIUM WRITEUP
MrNanko webp4j <=1.3.x - Integer Overflow
A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory in the file src/main/c/gif_decoder.c. Manipulating the argument canvas_height leads to an integer overflow. The attack requires local access. The exploit is publicly available and might be used. The name of the patch is 89771b201c66d15d29e4cc016d8aae82b6a5fbe1. Applying the patch is advised to correct this issue.
CVSS 5.3
CVE-2024-46446 WRITEUP CRITICAL WORKING POC
Mecha CMS 3.0.0 - Path Traversal and Arbitrary File Deletion via Cookie and URI Manipulation
Mecha CMS 3.0.0 is vulnerable to directory traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the deletion of arbitrary files or website takeover.
CVSS 9.8