Linux Distros Unpatched Vulnerability : CVE-2026-5201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color...

stb 安全漏洞

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 2.30 contained security vulnerabilities, which stemmed from incorrect operations on the stbigifloadnext function in the stbimage.h file, potentially leading to heap buffer overflows...

gdk-pixbuf 安全漏洞

gdk-pixbuf is an open-source image loading library developed by GNOME. gdk-pixbuf has a security vulnerability that stems from the improper validation of color component counts during the processing of specially crafted JPEG images by the JPEG image loader. This can lead to a heap buffer overflow...

PT-2026-29202

A security flaw has been discovered in Nothings stb image up to 2.30. This affects the function stbi gif load next of the file stb image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has...

EUVD-2026-17119

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

Directory Traversal

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Directory Traversal via the JSON loader tool due to lack of path validation. An attacker can access arbitrary files on the server by supplying crafted file paths. Details A Directo...

CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285 CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285

CrewAI CVE-2026-2285 is an arbitrary local file read vulnerability in the JSON loader tool, caused by lack of path validation in the loader. Affected ecosystem details indicate affected crewai-tools transitive deps (crewai-tools >=0.13.2,

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings venv-salt-minion: Fix the typo causing buiding EL9 bundle without binary dependencies Backport security patches for Salt vendored tornado: CVE-2025-67724: missing validation of supplied reason phrase...

SUSE-SU-2026:1142-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: - Version 5.2.3-0 Disable build for SLES 16 rhnlib: - Version 5.2.4-0 Disable build for SLES 16 spacecmd: - Version 5.2.6-0 Update translation strings spacewalk-client-tools: - Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: - Version...

SUSE-SU-2026:1141-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: - Version 5.2.6-0 Update translation strings uyuni-tools: - Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after...

PT-2026-29206

Name of the Vulnerable Software and Affected Versions gdk-pixbuf affected versions not specified Description A flaw exists in the gdk-pixbuf library within the JPEG image loader. This heap-based buffer overflow occurs due to improper validation of color component counts when processing a speciall...

PT-2026-29049

Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description The software contains a flaw where the JSON loader tool reads files without proper path validation. This allows unauthorized access to files on the server. The issue involves an arbitrary loca...

OPENSUSE-SU-2026:10460-1 gdk-pixbuf-loader-libheif-1.21.2-2.1 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.21.2-2.1 package on the GA media of openSUSE Tumbleweed...

openSUSE 16 Security Update : exiv2 (openSUSE-SU-2026:20410-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20410-1 advisory. Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service...

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:1117-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1117-1 advisory. Update to python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injectio...

GHSA-89V5-38XR-9M4J Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader

Summary Postiz has multiple SSRF vulnerabilities where user-provided URLs are fetched server-side without any IP validation or SSRF protection. Vulnerable Code 1. Webhook Send Endpoint Most Critical apps/backend/src/api/routes/webhooks.controller.ts lines 58-70: typescript async sendWebhook@Body...

Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader

Summary Postiz has multiple SSRF vulnerabilities where user-provided URLs are fetched server-side without any IP validation or SSRF protection. Vulnerable Code 1. Webhook Send Endpoint Most Critical apps/backend/src/api/routes/webhooks.controller.ts lines 58-70: typescript async sendWebhook@Body...