Malicious code in @schedaero/net-common (npm)

Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...

MAL-2026-1229 Malicious code in @schedaero/net-common (npm)

Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...

MAL-2026-1231 Malicious code in @schedaero/shared (npm)

Malicious package due to suspicious URL, data exfiltration, forced process exit, preinstall script execution. Impersonating legit schedaero.com. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fde30d72c136b3e78352eecc9a614e37d812dc136aca7d2c685f2bdafd305207 The...

SUSE CVE-2026-25898

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

CVE-2025-14963

CVE-2025-14963 involves the Trellix HX Agent driver file fekern.sys. The vulnerability enables a local user to obtain elevated privileges by leveraging a Bring Your Own Vulnerable Driver (BYOVD) to access the lsass.exe memory. The description notes that the vulnerable driver installed in a system...

OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE

Summary OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...

GHSA-VPXV-R9PG-7GPR ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger ...

GHSA-GM37-QX7W-P258 ImageMagick: Possible memory leak in ASHLAR encoder

A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. ==880062== Memcheck, a memory error detector ==880062== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...

DEBIAN-CVE-2026-25898

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

UBUNTU-CVE-2026-25898

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the SVG decoding process. An attacker can cause excessive memory consumption and process termination by submitting a specially crafted SVG image file. Remediation A fix was pushed...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the -extract process when the specified dimensions exceed those set by -size. An attacker can access sensitive information by submitting specially crafted image files that trigger out-of-bounds memory reads...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...