CVE-2026-33809 OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick has a stack write buffer overflow in MNG encoder. CVE-2026-28690 GraphicsMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder. CVE-2026-30883...

EUVD-2026-15457

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

SUSE CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

Google Chrome Security Bypass Vulnerability (CNVD-2026-15409)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which is caused due to insufficient policy enforcement in PDF, and can be exploited by attackers to bypass security restrictions...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from specially crafted TIFF files that may cause excessive memory allocation during image...

PT-2026-28086

Name of the Vulnerable Software and Affected Versions LibTIFF affected versions not specified Description A specially designed TIFF file can trigger an out-of-memory error or excessive resource usage during image decoding. The issue arises from the image decoding process attempting to allocate up...

CVE-2026-26830

Summary of CVE-2026-26830 (pdf-image) : The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

CVE-2026-32647

Summary: NGINX Open Source and NGNIX Plus may be affected when built with the ngx_http_mp4_module and using the mp4 directive. The issue is a vulnerability in the module that can trigger a buffer over-read or over-write in the worker memory, potentially terminating the worker or enabling code exe...

CVE-2026-33298

A flaw was found in llama.cpp. A remote attacker could exploit an integer overflow vulnerability in the ggmlnbytes function by crafting a malicious GGUF GGML Universal Format file with specific tensor dimensions. This flaw causes the ggmlnbytes function to return an incorrect size, leading to a...

EUVD-2026-14784

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2026-3509

The CVE affects the CODESYS Control runtime system Audit Log component, where an unauthenticated remote attacker can influence the format string of messages. This leads to a Denial of Service (DoS). Exploitation is reported over the network with no privileges and no user interaction required; imp...

CVE-2026-3509 CODESYS Control Audit Log Format String DoS

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2026-3509 CODESYS Control Audit Log Format String DoS

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...