Lucene search

3165 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fixed encoder->possible_clones. The encoder itself should be included in its possible_clones bitmask. In the past, nothing ensured that drivers correctly populated possible_clones; this has changed in the commit...

CVSS 5.5 | AI score 6.2 | EPSS 0.00013
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in ffmpeg, ffmpeg5

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in the /fftools/ffmpeg_enc.c component...

CVSS 7.8 | AI score 6.7 | EPSS 0.00047
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

CVSS 9.1 | AI score 7.4 | EPSS 0.00022
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at 0, decompress and decode it into the buffer td->rle_raw_data of size rle_raw_size a...

CVSS 6.9 | AI score 6.4 | EPSS 0.00019
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in openjpeg2

There is a flaw in openjpeg in versions prior to 2.4.0, located in src/lib/openjp2/pi.c. When an attacker can provide crafted input that is processed by the openjpeg encoder, it may lead to an out-of-bounds read. The most significant impact of this flaw is the application’s availability...

CVSS 5.5 | AI score 6.8 | EPSS 0.0036
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Make intel_get_crtc_new_encoder less oops-oriented. The purpose of the WARN message was to print something, not to simply report an “oops” error. Currently, this is exactly what happens when we cannot find the Crtc connector in the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2

OSV
added 2026/04/30 9:48 a.m., 2 views

CLSA-2026-1777542477 Fix CVE(s): CVE-2026-28690

SECURITY UPDATE: stack buffer overflow in MNG/JNG encoder — missing NULL check after ImageToBlob in WriteOneJNGImage could propagate a NULL blob pointer into later stack buffer operations GHSA-7h7q-j33q-hvpf. - debian/patches/CVE-2026-28690.patch: bail out of WriteOneJNGImage when ImageToBlob...

CVSS 6.9 | AI score 7.4 | EPSS 0.00017
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/30 12:0 a.m., 3 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1611)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1611 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 14

Amazon
added 2026/04/30 12:0 a.m., 5 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions...

CVSS 7.5 | AI score 5.3 | EPSS 0.0002
Exploits: 0

OSV
added 2026/04/29 3:58 p.m., 4 views

CLSA-2026-1777478310 ImageMagick: Fix of CVE-2026-40169

CVE-2026-40169: fix out-of-bounds heap write in JSON encoder montageDirectory loop...

CVSS 6.2 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 1

OSV
added 2026/04/29 3:44 p.m., 4 views

CLSA-2026-1777477457 ImageMagick: Fix of CVE-2026-40169

CVE-2026-40169: fix out-of-bounds heap write in JSON encoder montageDirectory loop...

CVSS 6.2 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015449)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015449 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build...

CVSS 8.8 | AI score 7.4 | EPSS 0.00136
Exploits: 1 | References: 4

OSV
added 2026/04/28 4:55 p.m., 5 views

CLSA-2026-1777395318 ImageMagick: Fix of 2 CVEs

CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9 - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1

OSV
added 2026/04/28 4:50 p.m., 4 views

CLSA-2026-1777395036 ImageMagick: Fix of 2 CVEs

CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9 - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1

OSV
added 2026/04/28 4:38 p.m., 5 views

CLSA-2026-1777394326 ImageMagick: Fix of 2 CVEs

CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9 - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1

NVD
added 2026/04/28 7:16 a.m., 1 views

CVE-2026-5306

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

CVSS 5.4 | EPSS 0.00079
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/28 6:0 a.m., 3 views

CVE-2026-5306 Check & Log Email < 2.0.13 - Unauthenticated Stored XSS

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

AI score 5.1 | EPSS 0.00079
Exploits: 0 | References: 1

Cvelist
added 2026/04/28 6:0 a.m., 23 views

CVE-2026-5306 Check & Log Email < 2.0.13 - Unauthenticated Stored XSS

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

EPSS 0.00079
Exploits: 0 | References: 1

CVE
added 2026/04/28 6:0 a.m., 6 views

CVE-2026-5306

CVE-2026-5306 : The WordPress plugin “Check & Log Email” is affected by a stored XSS in versions prior to 2.0.13 due to improper email replacement handling when the email encoder setting is enabled. This allows unauthenticated users to inject scripts via email content. Affected software: Check & ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00079
Exploits: 0 | References: 1

EUVD
added 2026/04/28 6:0 a.m., 0 views

EUVD-2026-25995

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

CVSS 5.4 | AI score 5.2 | EPSS 0.00079
Exploits: 0 | References: 1