SUSE-SU-2026:0853-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malforme...

SUSE-SU-2026:0852-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malforme...

SUSE-SU-2026:0851-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer...

OPENSUSE-SU-2026:20337-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can lead to stack overflow bsc1256976. - CVE-2026-23876: ImageMagick: maliciously crafted image can le...

SourceCodester Payroll Management System 代码注入漏洞

SourceCodester Payroll Management System is an open-source payroll management system developed by SourceCodester. Version 1.0 of the SourceCodester Payroll Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file...

SourceCodester Resort Reservation System 代码注入漏洞

The SourceCodester Resort Reservation System is an open-source resort reservation system developed by SourceCodester. Version 1.0 of the SourceCodester Resort Reservation System contains a code injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the...

RUSTSEC-2026-0038 RustSec Advisory

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

RustSec Advisory

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

Code-Projects Simple Flight Ticket Booking System 代码注入漏洞

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System contains a code injection vulnerability. This vulnerability stems from incorrect operations on the...

SourceCodester Loan Management System 代码注入漏洞

The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file/index.php, which...

smart-admin 代码注入漏洞

Smart-Admin is a rapid development platform developed by individual developers of 1024-lab. Versions of Smart-Admin prior to 3.29 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the file...

PT-2026-24192

Name of the Vulnerable Software and Affected Versions rssn versions prior to 0.2.9 Description The rssn scientific computing library for Rust has an issue in its JIT Just-In-Time compilation engine, which is exposed through the CFFI Foreign Function Interface. Insufficient input validation and...

Wavlink WL-WN579X3-C 代码注入漏洞

Wavlink WL-WN579X3-C is a wireless network extender produced by Wavlink Corporation. The Wavlink WL-WN579X3-C 231124 version has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter Hostname in the file/cgi-bin/adm.cgi, which may lead to cross-site...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Version 2.0.5 of Yifang CMS has a code injection vulnerability. This vulnerability stems from the handling of the parameter “Name” in the file “singlePageGroup.php”, which may lead to cross-si...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Version 2.0.5 of Yifang CMS has a code injection vulnerability, which stems from the handling of the Title parameter in the singlePage.php file. This vulnerability may lead to cross-site...

SourceCodester Web-based Pharmacy Product Management System 代码注入漏洞

SourceCodester Web-based Pharmacy Product Management System is an open-source web-based pharmacy product management system developed by SourceCodester. Version 1.0 of the SourceCodester Web-based Pharmacy Product Management System contains a code injection vulnerability. This vulnerability stems...