Zyddnys Manga-Image-Translator vulnerabilities
3 known vulnerabilities affecting zyddnys/manga-image-translator.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-10042P2CRITICALCVSS 9.8≤ d7441482026-05-29
CVE-2026-10042 [CRITICAL] CWE-502 CVE-2026-10042: manga-image-translator contains a remote code execution vulnerability in the shared API server mode
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request bodies using pickle.loads(). A remote attacker ca
nvd
CVE-2026-26215P2CRITICALCVSS 9.3≤ beta-0.32026-02-11
CVE-2026-26215 [CRITICAL] CWE-502 CVE-2026-26215: manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserializat
manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-b
nvd
CVE-2026-3961P3MEDIUMCVSS 6.3vbeta-0.0vbeta-0.1+2 more2026-03-11
CVE-2026-3961 [MEDIUM] CWE-918 CVE-2026-3961: A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected elemen
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit h
nvd