146 matches found

CVE
added yesterday, 10 views

CVE-2026-48129

Kestra CVE-2026-48129 concerns a path traversal in the task inputFiles feature. Before versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, rendered file names could be prefixed with ../, allowing a caller handling untrusted data or webhook data to create or overwrite files outside the task working direc...

CVSS 6.5, AI score 6, EPSS 0.00099
Exploits: 0, References: 1
Github Security Blog
added 2026/06/05 4:45 p.m., 9 views

vantage6 node has an Improper Access Control issue

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

CVSS 6.9, AI score 5.5, EPSS 0.00285
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/06/05 4:45 p.m., 2 views

GHSA-X9F6-9RVM-MMRG vantage6 node has an Improper Access Control issue

Impact Malicious algorithms can potentially access other algorithms input and output files. Patches Todo Workarounds Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this. References https://docs.vantage6.ai/usage/running-the-node/security F...

CVSS 6.9, AI score 5.6, EPSS 0.00285
Exploits: 0, References: 3
Snyk
added 2026/05/31 11:16 p.m., 4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the ImportEmbeddedTextures function of the TF File Handler component. An attacker can cause a denial of service by providing specially crafted input files that trigger a null pointer dereference during...

CVSS 5.5, AI score 5.5, EPSS 0.00115
Exploits: 0, References: 2
Positive Technologies
added 2026/05/26 12:0 a.m., 7 views

PT-2026-47110

A flaw was found in the opj2 decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault an...

AI score 5.7
Exploits: 0, References: 8
Snyk
added 2026/05/04 4:29 p.m., 6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the MeshGeometry process in FBXMeshGeometry.cpp. An attacker can cause the application to crash or become unresponsive by providing specially crafted input files. Remediation There is no fixed version for...

CVSS 8.8, AI score 5.8, EPSS 0.00246
Exploits: 0, References: 2
Snyk
added 2026/03/07 4:46 p.m., 4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the readdirectory function. An attacker can cause a denial of service by providing specially crafted input files that trigger an out-of-bounds read during the parsing process. Remediation A fix was pushed into the...

CVSS 5.5, AI score 5.8, EPSS 0.00179
Exploits: 1, References: 2
Snyk
added 2026/02/25 7:12 p.m., 2 views

Use After Free

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.3, AI score 6
Exploits: 0, References: 2
Snyk
added 2026/02/25 7:12 p.m., 5 views

Use After Free

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.3, AI score 6
Exploits: 0, References: 2
Snyk
added 2026/02/25 6:16 a.m., 3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the vipsforeignloadmatrixheader function. An attacker can cause a denial of service by triggering a null pointer dereference during local processing of crafted input files. Remediation A fix was pushed into t...

CVSS 5.5, AI score 5.9, EPSS 0.00167
Exploits: 1, References: 2
Cvelist
added 2026/02/19 11:6 p.m., 21 views

CVE-2026-26329 OpenClaw has a path traversal in browser upload allows local file read

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...

CVSS 7.1, EPSS 0.00408
Exploits: 0, References: 3
RedHat Linux
added 2026/01/19 11:32 a.m., 4 views

poppler: Out-of-Bounds Read in Poppler

A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...

CVSS 7.1, AI score 5.7, EPSS 0.00206
Exploits: 1, References: 6
OSV
added 2026/01/06 11:12 a.m., 2 views

CLSA-2026-1767697963 Fix CVE(s): CVE-2025-11083

SECURITY UPDATE: Heap-based buffer overflow in elfswapshdr function - debian/patches/CVE-2025-11083.patch: Avoid a linker crash by rejecting corrupt section headers in linker input files. Changed elfswapshdrin to return bfdboolean and validate section sizes against file size to detect and reject...

CVSS 7.8, AI score 6.6, EPSS 0.0023
Exploits: 1, References: 1
OSV
added 2026/01/05 3:15 p.m., 2 views

CLSA-2026-1767626154 Fix CVE(s): CVE-2025-11083

SECURITY UPDATE: Heap-based buffer overflow in elfswapshdr function - debian/patches/CVE-2025-11083.patch: Avoid a linker crash by rejecting corrupt section headers in linker input files. Changed elfswapshdrin to return bfdboolean and validate section sizes against file size to detect and reject...

CVSS 7.8, AI score 6.6, EPSS 0.0023
Exploits: 1, References: 1
OSV
added 2025/12/09 5:25 p.m., 3 views

CLSA-2025-1765289777 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

CVSS 5.5, AI score 5.8, EPSS 0.00251
Exploits: 2, References: 1
Ubuntu
added 2025/11/10 9:20 p.m., 2 views

USN-7868-1: Raptor vulnerabilities

Hanno Böck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could use this issue to cause Raptor to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-18926 Hanno Böck discovered that Raptor incorrectl...

CVSS 7.1, AI score 6.8, EPSS 0.03079
Exploits: 1
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-2692

Malware in sbrugna...

CVSS 7.8, AI score 7.4, EPSS 0.00861
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-13011

Malware in sbrugna...

CVSS 5.5, AI score 5.3, EPSS 0.01009
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-6388

Malware in sbrugna...

CVSS 10, AI score 9.5, EPSS 0.00945
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-17098

Malware in sbrugna...

CVSS 5.5, AI score 5.6, EPSS 0.00837
Exploits: 1, References: 2