
5551 matches found

EUVD
added 2026/04/14 6:30 p.m. | 1 view

EUVD-2026-22350

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

CVSS 6.7 | AI score 5.7 | EPSS 0.00094
Exploits: 0 | References: 2
NVD
added 2026/04/14 6:16 p.m. | 0 views

CVE-2026-0390

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

CVSS 6.7 | EPSS 0.00094
Exploits: 0 | References: 1
Microsoft CVE
added 2026/04/14 2:00 p.m. | 0 views

UEFI Secure Boot Security Feature Bypass Vulnerability

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

CVSS 6.7 | AI score 6.3 | EPSS 0.00094
Exploits: 0
Debian
added 2026/04/14 9:43 a.m. | 2 views

[SECURITY] [DLA 4531-1] gdk-pixbuf security update

Debian LTS Advisory DLA-4531-1 | https://www.debian.org/lts/security/ | Emilio Pozuelo Monfort | April 14, 2026 | https://wiki.debian.org/LTS ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00641
Exploits: 1
GithubExploit
added 2026/04/14 1:25 a.m. | 98 views

coruna-exploit-kit-analysis

Coruna iOS Exploit Kit — Reverse Engineering Analysis Def...

AI score 5.8
Exploits: 0
CNNVD
added 2026/04/14 12:00 a.m. | 4 views

Microsoft Windows Security Vulnerability

Microsoft Windows is an operating system for personal devices from the American company Microsoft. A security vulnerability exists in the Microsoft Windows Boot Loader. Attackers can exploit this vulnerability to bypass certain functions. The following products and versions are...

CVSS 6.7 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 1
Amazon
added 2026/04/14 12:00 a.m. | 3 views

Important: gdk-pixbuf2

Issue Overview: A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user...

CVSS 7.5 | AI score 6 | EPSS 0.00641
Exploits: 1
Positive Technologies
added 2026/04/14 12:00 a.m. | 0 views

PT-2026-32952

Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.7-r1. Description: A use-after-free issue exists in the load with gdkpixbuf function within loader.c when the software is built with the --with-gdk-pixbuf2 option. The problem occurs because the cleanup path manual...

CVSS 7.8 | AI score 5.8 | EPSS 0.00008
Exploits: 1 | References: 7
Amazon
added 2026/04/14 12:00 a.m. | 5 views

Medium: gimp

Issue Overview: A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP's PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory...

CVSS 6.1 | AI score 5.9 | EPSS 0.0005
Exploits: 1
Positive Technologies
added 2026/04/14 12:00 a.m. | 1 view

PT-2026-32925

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load gif function in fromgif.c, where a single sixel frame t object is reused across all frames of an animated GIF and gif init frame...

CVSS 7 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 5
Tenable Nessus
added 2026/04/14 12:00 a.m. | 4 views

Amazon Linux 2 : gdk-pixbuf2, --advisory ALAS2-2026-3240 (ALAS-2026-3240)

The version of gdk-pixbuf2 installed on the remote host is prior to 2.36.12-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3240 advisory. A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due...

CVSS 7.5 | AI score 7.4 | EPSS 0.00641
Exploits: 1 | References: 4
Tenable Nessus
added 2026/04/14 12:00 a.m. | 5 views

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-013 (ALASGIMP-2026-013)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-013 advisory. A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP's PCX file loader due to an off-by-one error. A remote...

CVSS 7.1 | AI score 5.9 | EPSS 0.0005
Exploits: 1 | References: 4
Positive Technologies
added 2026/04/14 12:00 a.m. | 1 view

PT-2026-32716

Name of the Vulnerable Software and Affected Versions: Windows Boot Loader (affected versions not specified). Description: Reliance on untrusted inputs in a security decision allows an authorized attacker to bypass a security feature locally. Recommendations: At the moment, there is no information abou...

CVSS 6.8 | AI score 6.2 | EPSS 0.00094
Exploits: 0 | References: 7
vulnersOsv
added 2026/04/13 4:35 p.m. | 4 views

org.webjars.npm:g-status (=2.0.2), org.webjars.npm:graphql-toolkit__git-loader (=0.7.5) potentially affected by CVE-2022-25860 +1 more via org.webjars.npm:simple-git (>=1.129.0 <=1.132.0)

org.webjars.npm:simple-git MAVEN version =1.129.0, =1.132.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:simple-git and may be impacted:
- org.webjars.npm:g-status =2.0.2
- org.webjars.npm:graphql-toolkit__git-loader =0.7.5
Source cves...

CVSS 9.8 | AI score 7.2 | EPSS 0.34733
Exploits: 2
RustSec
added 2026/04/13 12:00 p.m. | 8 views

`pretty-changelog-logger` was removed from crates.io for malicious code

pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...

AI score 5.8
Exploits: 0
OSV
added 2026/04/13 9:49 a.m. | 2 views

SUSE-SU-2026:21104-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...

CVSS 7.5 | AI score 6.7 | EPSS 0.00089
Exploits: 0 | References: 15
OSV
added 2026/04/13 9:49 a.m. | 1 view

SUSE-SU-2026:21178-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...

CVSS 7.5 | AI score 5.8 | EPSS 0.00089
Exploits: 0 | References: 15
OSV
added 2026/04/13 9:41 a.m. | 1 view

OPENSUSE-SU-2026:20517-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...

CVSS 7.5 | AI score 5.8 | EPSS 0.00089
Exploits: 0 | References: 14
Amazon
added 2026/04/13 12:00 a.m. | 4 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

CVSS 7.8 | AI score 8 | EPSS 0.00938
Exploits: 2
Tenable Nessus
added 2026/04/13 12:00 a.m. | 6 views

Amazon Linux 2023 : gdk-pixbuf2, gdk-pixbuf2-devel, gdk-pixbuf2-modules (ALAS2023-2026-1553)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1553 advisory. In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani...

CVSS 7.8 | AI score 7.3 | EPSS 0.00938
Exploits: 2 | References: 10