SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

Linux Distros Unpatched Vulnerability : CVE-2026-48156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

EUVD-2026-32913

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

ROS-20260505-73-0058

Vulnerability in python3.12 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fsevictinode As syzbot 1 reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- end trace...

Out-of-bounds Read

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Joomla VirtueMart Shopping-Cart 跨站脚本漏洞

Joomla VirtueMart Shopping-Cart is an open-source e-commerce shopping cart and online store management extension for VirtueMart. Version 4.0.12 of Joomla VirtueMart Shopping-Cart contains a cross-site scripting vulnerability, which stems from improper handling of the keyword parameter. This...

osslsigncode 缓冲区错误漏洞

Osslsigncode is a small tool developed by Michał Trojnara as an individual developer. It implements some of the functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to version 2.12 contained a buffer error vulnerability. This vulnerability stemmed from multiple signature...

EUVD-2026-20207

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through = 2.12...

CVE-2026-39563

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through = 2.12...

PT-2026-31154

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through = 2.12...

CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

WordPress plugin ReviewX 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...

CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...