Lucene search
+L

182 matches found

OSV
OSV
added 3 days ago4 views

MGASA-2026-0252 Updated imagemagick packages fix security vulnerabilities

The updated packages fix numerous security vulnerabilities: Code injection in HTML encoder due to incomplete fix of CVE-2026-25797. CVE-2026-25797 Heap Buffer Underwrite in Floyd-Steinberg depth dithering. CVE-2026-48724 Infinite Loop in subimage-search with crafted image. CVE-2026-48733 Stack...

7.5CVSS6.1AI score0.00353EPSS
Exploits0References43
EUVD
EUVD
added 2026/07/06 8:24 p.m.8 views

EUVD-2026-25012

mv: symlinks expanded during cross-device move resource exhaustion / data duplication...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/07/03 3:2 a.m.6 views

SUSE CVE-2026-55577

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

5.9CVSS6.1AI score0.00226EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-56137

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...

8.4CVSS0.00677EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 6:2 a.m.21 views

CVE-2026-56137

RPG MAKER MV and MZ (Gotcha Gotcha Games Inc.) have an OS command injection vulnerability. When a user loads a specially crafted save-file, arbitrary OS commands may be executed. Affected components and root cause are stated as OS command injection, with high impact (CVE-2026-56137). The supplied...

8.4CVSS7.2AI score0.00677EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 6:2 a.m.7 views

CVE-2026-56137

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...

8.4CVSS7.2AI score0.00677EPSS
Exploits0References4Affected Software2
Securelist
Securelist
added 2026/06/03 9:0 a.m.38 views

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.8 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1640)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1640 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could...

7.5CVSS5.9AI score0.00566EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/24 7:16 p.m.10 views

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.2AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 6:31 p.m.10 views

GHSA-957R-R8GC-VV3H uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 6:31 p.m.7 views

GHSA-M976-87WM-48FM uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.9AI score0.00091EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-24984

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-25010

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.9AI score0.00091EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-66FX-FQV6-5WWX Duplicate Advisory: uutils coreutils has a Link Following issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h444-6j9x-p8vh. This link is maintained to preserve external references. Original Description The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has a Link Following issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h444-6j9x-p8vh. This link is maintained to preserve external references. Original Description The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.5AI score0.00091EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.9 views

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35354

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS0.00091EPSS
Exploits1References1
NVD
NVD
added 2026/04/22 5:16 p.m.9 views

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS0.00132EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.13 views

CVE-2026-35354

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
Rows per page
Query Builder