82 matches found
UBUNTU-CVE-2026-56376
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...
Synology Assistant 访问控制错误漏洞
Synology Assistant is a network storage device discovery and management tool provided by the Chinese company Synology. Versions of Synology Assistant prior to 7.0.6-50085 contained a access control vulnerability caused by a source verification error. This vulnerability could allow local users to...
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick within MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in values that fall outside the range of types float and unsigned char. This likely leads to a disruption in the application...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. By exploiting vulnerabilities in the Lua script execution environment, an attacker with access to Redis prior to versions 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. T...
EUVD-2026-30777
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
Incus 安全漏洞
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the size of YAML files after decompression. This could allow authenticated users to cause...
SUSE CVE-2026-33902
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...
PT-2026-31123
CVE-2026-39484 URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from… https://t.co/omlG1NbySg...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...
ChurchCRM 输入验证错误漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.0.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the presence of links throughout the application. When authenticated users accessed and clicked the...
appium 路径遍历漏洞
Appium is an open-source cross-platform application automation testing framework developed by Appium. Versions of Appium prior to 7.0.6 contained a path traversal vulnerability. This vulnerability stemmed from ineffective path traversal checks in the ZIP extraction implementation, which could all...
CVE-2026-25986
CVE-2026-25986 affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. Root cause: a heap buffer overflow in ReadYUVImage() (coders/yuv.c) occurs when processing malicious YUV 4:2:2 (NoInterlace) images, where the pixel-pair loop writes beyond the allocated row buffer. Impact (as stated): a...
CVE-2026-25971
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch...
Lychee 安全漏洞
Lychee is a beautiful and easy to use photo management system from The Lychee Organisation open source. It is used to manage and share photos. A security vulnerability exists in Lychee versions prior to 7.1.0, which stems from an authorization flaw in the album password unlock feature that could...
CVE-2025-67922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...
CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...
Keyfactor SignServer 安全漏洞
Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.2, which stems from an error in the container startup logic and could result in a reset configuration to allowany...
CVE-2025-67544
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from n/a through 7.0...