Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1500)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1500 advisory. A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image...

Important: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

SUSE CVE-2026-23378

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...

CVE-2026-23378

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...

CVE-2026-23378

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...

PT-2026-27743

In the Linux kernel, the following vulnerability has been resolved: net/sched: act ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...

salvo 安全漏洞

Salvo is a web framework developed by Salvo OpenSource. Versions of Salvo from 0.39.0 to 0.89.2 have security vulnerabilities. These vulnerabilities stem from the encodeurlpath function in the salvo-proxy component, which fails to normalize the "../sequence", potentially allowing for path travers...

CVE-2026-33242

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

CVE-2026-33242

The GitHub advisory GHSA-F842-PHM9-P4V4 describes a path traversal in the salvo-proxy component of the Salvo Rust framework (v0.89.2). The root cause is encode_url_path failing to normalize path segments (not re-encoding '.' and not handling '..' safely), allowing an unauthenticated attacker to p...

CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

GO-2026-4756 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter in github.com/free5gc/nrf

free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter in github.com/free5gc/nrf...

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server could provide weaker than expected security when using the Security Utility to encode a secret. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the...

OESA-2026-1696 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1695 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1694 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVE-2026-33061

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

Jexpanel 安全漏洞

Jexpanel is a game server management and billing panel developed by Jexactyl. Jexpanel has a security vulnerability, which stems from the use of jsonencode in the wrapper.blade.php template without proper escaping. This could lead to a storage-based DOM cross-site scripting attack...