Lucene search
K

387 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-61858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-61858

A flaw was found in ImageMagick. This vulnerability allows attackers to bypass configured policy restrictions through the APNG Animated Portable Network Graphics encoding process. By exploiting missing validation checks in the APNG encoder and external delegates, an attacker can write files to...

5.3CVSS6AI score0.00246EPSS
Exploits0References5
OSV
OSV
added 4 days ago5 views

DEBIAN-CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-43187

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-61858 ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS0.00246EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-61858 ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-61858

CVE-2026-61858 concerns ImageMagick prior to 7.1.2-26, where a policy bypass vulnerability exists in the APNG encoder and external delegates due to missing validation checks. Attackers can bypass policy restrictions during APNG encoding and write files to disallowed paths. The provided documents ...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/07 4:3 p.m.8 views

PYSEC-2026-1448 libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...

4.5CVSS6AI score0.00166EPSS
Exploits0References16
OSV
OSV
added 2026/07/01 7:16 p.m.3 views

DEBIAN-CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 7:16 p.m.4 views

UBUNTU-CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/01 6:16 p.m.5 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0
OSV
OSV
added 2026/07/01 6:16 p.m.5 views

CVE-2026-55628 ImageMagick: Policy Bypass in concatenate operation due to missing checks

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40450

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54857

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 Description The -concatenate operation lacks necessary policy checks. This flaw allows the software to read from and write to file paths that are explicitly disallowed by the security policy, enabling a...

5.5CVSS6AI score0.00111EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:11 a.m.8 views

CVE-2026-50741

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8CVSS7.2AI score0.02734EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 9:53 p.m.2 views

GHSA-XCJM-WQFF-M669 ImageMagick: Policy Bypass can read disallowed files via symlink

An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:31 p.m.4 views

GHSA-QHMF-XW27-6RQR MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

Summary MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic typ...

6.3CVSS5.9AI score0.00246EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 7:0 p.m.4 views

CVE-2026-44990

A flaw was found in the sanitize-html library. Under its default configuration, an attacker can embed malicious content within a disallowed xmp element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting XSS. Successful...

9.3CVSS6.3AI score0.00397EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:5 p.m.5 views

EUVD-2026-39468

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 8:16 p.m.6 views

CVE-2026-46348

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make...

8.7CVSS0.00337EPSS
Exploits0References1
Rows per page
Query Builder