22 matches found

Tenable Nessus
added 2026/04/29 12:00 a.m., 4 views

TencentOS Server 2: ImageMagick (TSSA-2026:0252)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0252 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 8.6, AI score 7.8, EPSS 0.00019
Exploits: 0, References: 3

Oracle Linux
added 2026/04/20 12:00 a.m., 3 views

ImageMagick security update

6.9.10.68-7.0.9 - Fix CVE-2026-28691 and CVE-2026-28693 Orabug: 39174244
6.9.10.68-7.0.7 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memory allocation with excessive without limits in the internal SVG decoder CVE-2026-25985
6.9.10.68-7.0.5 - Fix...

CVSS 8.1, AI score 5.7, EPSS 0.00136
Exploits: 4

Tenable Nessus
added 2026/04/20 12:00 a.m., 4 views

Oracle Linux 7 : ImageMagick (ELSA-2026-6713)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6713 advisory. - Fix CVE-2026-28691 and CVE-2026-28693 Orabug: 39174244 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memor...

CVSS 9.8, AI score 7.2, EPSS 0.00136
Exploits: 3, References: 3

Tenable Nessus
added 2026/04/07 12:00 a.m., 5 views

Oracle Linux 7 : ImageMagick (ELSA-2026-5573)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5573 advisory. - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memory allocation with excessive without limits in the interna...

CVSS 9.8, AI score 6, EPSS 0.00136
Exploits: 3, References: 3

OSV
added 2026/03/13 2:51 p.m., 3 views

ROOT-OS-DEBIAN-11-CVE-2026-25965 CVE-2026-25965 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-25965 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

CVSS 8.6, AI score 5.9, EPSS 0.00018
Exploits: 0

OSV
added 2026/03/12 10:42 a.m., 1 view

ROOT-OS-DEBIAN-12-CVE-2026-25965 CVE-2026-25965 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-25965 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

CVSS 8.6, AI score 5.4, EPSS 0.00018
Exploits: 0

Debian
added 2026/03/11 9:24 p.m., 4 views

[SECURITY] [DLA 4497-1] imagemagick security update

Debian LTS Advisory DLA-4497-1 [email protected]
https://www.debian.org/lts/security/ Bastien Roucariès
March 11, 2026 https://wiki.debian.org/LTS
...

CVSS 9.8, AI score 6, EPSS 0.00065
Exploits: 0

Tenable Nessus
added 2026/03/11 12:00 a.m., 4 views

Debian dsa-6159 : imagemagick - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6159 advisory. Debian Security Advisory DSA-6159-1 [email protected] https://www.debian.org/securit...

CVSS 9.8, AI score 7.1, EPSS 0.00065
Exploits: 0, References: 52

OSV
added 2026/03/05 12:33 p.m., 3 views

ROOT-OS-DEBIAN-13-CVE-2026-25965 CVE-2026-25965 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-25965 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

CVSS 8.6, AI score 5.9, EPSS 0.00018
Exploits: 0

Circl
added 2026/02/24 2:18 a.m., 1 view

CVE-2026-25965

creationtimestamp | type | source
---|---|---
2026-02-24 02:18:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfl3zyvtdf2k
2026-02-24 05:02:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mflf7zlkhb2u
2026-02-25 13:00:16+00:00 | seen | ...

CVSS 8.6, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 4

Cvelist
added 2026/02/24 1:20 a.m., 17 views

CVE-2026-25965 ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...

CVSS 8.6, EPSS 0.00018
Exploits: 0, References: 1

Circl
added 2025/02/15 4:04 p.m., 1 view

CVE-2025-25965

creationtimestamp | type | source
---|---|---
2025-02-15 16:04:26+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/13576
2025-02-15 22:00:05+00:00 | published-proof-of-concept | Telegram/01uiN9EgivkKxd6NbVHaT5JBriknOXStz8AUkJgyZbdyjk...

AI score 4.8
Exploits: 0, References: 1

OSV
added 2024/05/14 4:16 p.m., 2 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

CVSS 4.4, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 2024/05/14 7:16 a.m., 14 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

CVSS 6.1, AI score 6.4, EPSS 0.00069
Exploits: 0, References: 1

CVE
added 2024/05/14 7:16 a.m., 52 views

CVE-2024-25965

Dell PowerScale OneFS (versions 8.2.x–9.7.0.2) contains an external control of file name or path vulnerability. A local high-privilege attacker could exploit this to cause denial of service. Impact is aligned with local access and high-privilege requirements; no in-wild exploit details are provid...

CVSS 6.1, AI score 6.6, EPSS 0.00069
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/05/14 7:16 a.m., 15 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

CVSS 6.1, AI score 6.7, EPSS 0.00069
Exploits: 0, References: 1

NVD
added 2024/03/26 8:15 p.m., 14 views

CVE-2023-25965

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume. This issue affects Upload Resume: from n/a through 1.2.0...

CVSS 5.9, AI score 5.7, EPSS 0.00727
Exploits: 0, References: 1

Patchstack
added 2023/02/23 12:00 a.m., 6 views

WordPress Upload Resume Plugin <= 1.2.0 is vulnerable to Sensitive Data Exposure

Software: Upload Resume
Type: Plugin
Vulnerable versions: <= 1.2.0
Fixed in: N/A
OWASP Top 10: A3: Sensitive Data Exposure
Classification: Sensitive Data Exposure
CVE: CVE-2023-25965
Patch priority: Low
CVSS severity: Low 5.9
Developer: Claim ownership
PSID: 22453b4ef9ac
Credits: MyungJu Kim
Required privileg...

CVSS 5.9, AI score 6.9, EPSS 0.00727
Exploits: 0, References: 1, Affected Software: 1

Circl
added 2021/11/17 4:14 p.m., 1 view

CVE-2021-25965

creationtimestamp | type | source
---|---|---
2021-11-17 16:14:52+00:00 | seen | https://t.me/cibsecurity/32461...

CVSS 8.8, AI score 8.1, EPSS 0.00305
Exploits: 0, References: 1

Vulnrichment
added 2021/11/16 9:15 a.m., 3 views

CVE-2021-25965 Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)

In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application...

CVSS 8.8, AI score 6.7, EPSS 0.00305
Exploits: 0, References: 2