SUSE-SU-2026:0073-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. - CVE-2025-68950: check for circular references in mvg files may lead to stack overflow bsc1255822. - CVE-2025-69204: an integer overflow can lead to a DoS...

Uncontrolled Recursion

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVE-2025-68950

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file wi...

CVE-2025-9703

CVE-2025-9703 describes a Cross-Site Scripting vulnerability in The Ultimate Addons for Elementor (Lite and related) WordPress plugin prior to version 2.5.0. The issue arises because SVG file contents uploaded via the xmlrpc.php endpoint using base64 encoding are not sanitized, allowing injection...

ROS-20250821-08

A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. information Vulnerability in TCPDF PHP library is related to improper...

WordPress mFolio Lite plugin <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files vulnerability

Missing Authorization to Authenticated Author+ File Upload via EXE and SVG Files vulnerability discovered by Francesco Carlucci in WordPress Plugin mFolio Lite versions = 1.2.1...