
7529 matches found

Vulnrichment
added 2026/01/22 3:4 p.m., 2 views

CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage

Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

CVSS 8.1 | AI score 8.2 | EPSS 0.00415
Exploits: 1 | References: 5

OSV
added 2026/01/22 2:36 p.m., 1 views

SUSE-SU-2026:20128-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib g_base64_encode_step (bsc#1246114). - CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents...

CVSS 7.5 | AI score 6.6 | EPSS 0.00938
Exploits: 0 | References: 5

SUSE Linux
added 2026/01/22 12:20 p.m., 3 views

Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 6.3 | AI score 5.4 | EPSS 0.00106
Exploits: 0 | References: 4

OSV
added 2026/01/22 12:20 p.m., 1 views

SUSE-SU-2026:0226-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473)...

CVSS 5.3 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 3

AlpineLinux
added 2026/01/22 12:32 a.m., 3 views

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00024
Exploits: 1 | References: 2

OSV
added 2026/01/22 12:32 a.m., 2 views

CVE-2026-23952 ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVSS 6.5 | AI score 5.7 | EPSS 0.00024
Exploits: 1 | References: 4

EUVD
added 2026/01/22 12:32 a.m., 3 views

EUVD-2026-3699

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVSS 6.5 | AI score 5.5 | EPSS 0.00024
Exploits: 1 | References: 3

CVE
added 2026/01/22 12:32 a.m., 20 views

CVE-2026-23952

ImageMagick has a NULL pointer dereference in the MSL parser when processing tags before any image loads (CVE-2026-23952). Affected: ImageMagick versions 14.10.1 and earlier. Impact: potential DoS through assertion failure (debug builds) or NULL pointer dereference (release). Mitigation: upgrade...

CVSS 7.5 | AI score 5.6 | EPSS 0.00024
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/01/22 12:32 a.m., 2 views

CVE-2026-23952 ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVSS 6.5 | AI score 5.6 | EPSS 0.00024
Exploits: 1 | References: 2

GitLab Advisory Database
added 2026/01/22 12:0 a.m., 6 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

CVSS 7.8 | AI score 5.4 | EPSS 0.00012
Exploits: 1 | References: 5 | Affected Software: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-42245)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42245 advisory. - In the Linux kernel, the following vulnerability has been resolved: Revert sched/fair: Make sure to try to...

CVSS 5.5 | AI score 6.3 | EPSS 0.00026
Exploits: 0 | References: 2

GitLab Advisory Database
added 2026/01/22 12:0 a.m., 6 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

CVSS 7.8 | AI score 5.4 | EPSS 0.00012
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/01/21 9:13 p.m., 2 views

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00029
Exploits: 1 | References: 6

Cvelist
added 2026/01/21 9:13 p.m., 13 views

CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path ...

CVSS 8.8 | EPSS 0.00029
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/21 8:42 p.m., 6 views

CVE-2026-21852

Claude Code is an agentic coding tool. Prior to version 2.0.65, a vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

CVSS 7.5 | AI score 5.5 | EPSS 0.00033
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/01/21 7:19 a.m., 2 views

EUVD-2026-3687

The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...

CVSS 8.4 | AI score 5.5 | EPSS 0.00025
Exploits: 0 | References: 4

Snyk
added 2026/01/21 1:6 a.m., 1 views

NULL Pointer Dereference

Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVSS 7.5 | AI score 5.7 | EPSS 0.00024
Exploits: 1 | References: 2

Snyk
added 2026/01/21 1:6 a.m., 4 views

NULL Pointer Dereference

Overview: Magick.NET-Q16-arm64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.5 | AI score 5.7 | EPSS 0.00024
Exploits: 1 | References: 2

Github Security Blog
added 2026/01/21 1:6 a.m., 6 views

ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

Summary: NULL pointer dereference in the MSL (Magick Scripting Language) parser when processing tag before any image is loaded. Version: ImageMagick 7.x (tested on current main branch); Commit: HEAD. Steps to Reproduce: Method 1, using ImageMagick directly: magick MSL:poc.msl out.png Method 2: Using...

CVSS 7.5 | AI score 5.5 | EPSS 0.00024
Exploits: 1 | References: 3 | Affected Software: 19

Snyk
added 2026/01/21 1:6 a.m., 3 views

NULL Pointer Dereference

Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 7.5 | AI score 5.7 | EPSS 0.00024
Exploits: 1 | References: 2