GHSA-XWC6-V6G8-PW2H ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

The shipped “secure” security policy includes a rule intended to prevent reading/writing from standard streams: xml However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. This path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of...

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

Infinite loop

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Infinite loop

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in ProcessMSLScript. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted Magick Scripting Language MSL file that triggers infinite recursion, resulting in a stack overflow...

GHSA-R4MG-4433-C7G3 Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

PT-2025-33109

Name of the Vulnerable Software and Affected Versions: Active Storage versions 5.2.0 through 8.0.2.1 Description: Active Storage allows the use of potentially unsafe image transformation methods and parameters by default. This can lead to command injection vulnerabilities when arbitrary...

WordPress 4.5.2 Security Release

WordPress vulnerabilities continue to be a magnet for hackers laden with exploit kits, and as recently as February, crippling ransomware attacks. As a result, WordPress has already released three security updates this year, the latest for the content management system coming last Friday, bringing...