
80 matches found

OSV
added 4 days ago · 5 views

OPENSUSE-SU-2026:10954-1 kernel-devel-7.0.11-1.1 on GA media

These are all security issues fixed in the kernel-devel-7.0.11-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS · 5.8 AI score · 0.00254 EPSS
Exploits 14 · References 274

AstraLinux
added 2026/05/20 5:53 a.m. · 5 views

Astra Linux - vulnerability in imagemagick

A vulnerability was discovered in ImageMagick-7.0.11-5, where executing a specially crafted file using the “convert” command allows ASAN to detect memory leaks...

3.3 CVSS · 6.8 AI score · 0.00031 EPSS
Exploits 1 · References 2

NVD
added 2026/05/07 6:16 a.m. · 7 views

CVE-2026-6692

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8 CVSS · 0.00093 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/05/07 4:27 a.m. · 5 views

CVE-2026-6692

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8 CVSS · 6.4 AI score · 0.00093 EPSS
Exploits 0 · References 3 · Affected Software 1

Wordfence Blog
added 2026/05/06 4:39 p.m. · 4 views

Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin

On April 18th, 2026, we received a submission for an Authenticated Arbitrary File Upload vulnerability in Slider Revolution, a WordPress plugin. Although the plugin has more than 5,000,000 active installations, we estimate that only around 45,000 sites are using a vulnerable version, as the issue...

8.8 CVSS · 6.6 AI score · 0.00093 EPSS
Exploits 0

Positive Technologies
added 2026/05/06 12:0 a.m. · 8 views

PT-2026-38255

Name of the Vulnerable Software and Affected Versions Slider Revolution versions 7.0.0 through 7.0.10 Description Insufficient file type validation in the get media url and check file path functions allows authenticated attackers with subscriber-level access or higher to perform an Arbitrary File...

8.8 CVSS · 6.5 AI score · 0.00093 EPSS
Exploits 0 · References 8

GithubExploit
added 2025/11/18 10:25 a.m. · 170 views

Exploit for Relative Path Traversal in Fortinet Fortiweb

CVE-2025-64446 - FortiWeb Authentication Bypass Exploit De...

9.8 CVSS · 7.5 AI score · 0.9299 EPSS
Exploits 16

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-8171

Malware in sbrugna...

7.2 CVSS · 7 AI score · 0.00802 EPSS
Exploits 0 · References 2

vulnersOsv
added 2025/09/24 7:43 p.m. · 3 views

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +297 more potentially affected by CVE-2025-57347 via dagre-d3-es (>=7.0.10 <=7.0.11)

dagre-d3-es NPM version =7.0.10, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.0.1, =0.15.0, =0.17.1, =0.17.2 - @changmao/reveal-md =6.1.4-chanmao0.0 and more Source cves: CVE-2025-57347 Source advisory: SNYK:JS-DAGRED3ES-13110069...

9.8 CVSS · 5.8 AI score · 0.00204 EPSS
Exploits 0

CNNVD
added 2025/09/24 12:0 a.m. · 1 views

dagre-d3-es security vulnerability

dagre-d3-es is a js library by Teebo Personal Developers. A security vulnerability exists in dagre-d3-es versions prior to 7.0.11, which stems from the addConflict function of the bk module not properly cleaning up user input, which could lead to a prototype contamination attack...

9.8 CVSS · 6.5 AI score · 0.00204 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/09/11 2:18 p.m. · 1 views

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

4.9 CVSS · 6.9 AI score · 0.00137 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-3610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage in coders/tiff.c. This issue is due to an...

7.5 CVSS · 6.6 AI score · 0.00218 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-2438 · Fortinet · Fortimanager +3

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 6.4.0 through 6.4.14 FortiAnalyzer versions 7.0.0 through 7.0.12 FortiAnalyzer versions 7.2.0 through 7.2.5 FortiAnalyzer versions 7.4.0 through 7.4.3 FortiAnalyzer Cloud versions 6.4.1 through 6.4.7 FortiAnalyzer Cloud...

9.8 CVSS · 8.3 AI score · 0.00226 EPSS
Exploits 0 · References 5

NVD
added 2024/11/12 7:15 p.m. · 24 views

CVE-2024-23666

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...

8.8 CVSS · 0.08126 EPSS
Exploits 1 · References 1

OSV
added 2024/08/22 7:41 p.m. · 18 views

BIT-VALKEY-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

6.5 CVSS · 6.2 AI score · 0.00327 EPSS
Exploits 0 · References 9

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-2719 · Fortinet · Forticlientlinux

Name of the Vulnerable Software and Affected Versions: FortiClientLinux versions 7.0.3 through 7.0.4 FortiClientLinux versions 7.0.6 through 7.0.10 FortiClientLinux version 7.2.0 Description: An improper control of generation of code 'code injection' in FortiClientLinux allows an attacker to...

9.6 CVSS · 8.5 AI score · 0.00772 EPSS
Exploits 0 · References 16

AlmaLinux
added 2023/09/13 12:0 a.m. · 40 views

Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11...

6.5 CVSS · 6.8 AI score · 0.01064 EPSS
Exploits 0 · References 4

OSV
added 2023/09/13 12:0 a.m. · 25 views

ALSA-2023:5146 Moderate: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11...

6.5 CVSS · 6.8 AI score · 0.01064 EPSS
Exploits 0 · References 4

Snyk
added 2023/09/12 8:15 p.m. · 2 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.22, 7.0.1...

7.8 CVSS · 7.4 AI score · 0.01162 EPSS
Exploits 0 · References 2

Snyk
added 2023/09/12 8:5 p.m. · 1 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...

7.8 CVSS · 7.4 AI score · 0.00754 EPSS
Exploits 0 · References 2