CVE-2026-33908 ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

CVE-2026-33902 ImageMagick: Stack Overflow via Recursive FX Expression Parsing

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

CVE-2026-40087

A flaw was found in LangChain. A missing validation of f-string prompt templates in some classes, specifically in DictPromptTemplate and ImagePromptTemplate, can cause the evaluation of attribute access or indexing expressions during template formatting. Also, f-string validation based on parsed...

SUSE-SU-2026:21178-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...

PT-2026-32528

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44 Description ImageMagick is software used for editing and manipulating digital images. The DestroyXMLTree function frees the memory of the XML tree recursively witho...

Amazon Linux 2023 : python3-pyasn1, python3-pyasn1-modules (ALAS2023-2026-1538)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1538 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 and 6.9.13-44 contained security vulnerabilities. These vulnerabilities were due to a stack...

EUVD-2026-21407

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

EUVD-2026-21063

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVE-2026-40087 LangChain has incomplete f-string validation in prompt templates

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVE-2026-40087

LangChain CVE-2026-40087 affects the f-string prompt-template validation prior to versions 0.3.84 and 1.2.28. The vulnerability arises because DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and evaluate them during formatting,...

CVE-2026-40087 LangChain has incomplete f-string validation in prompt templates

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

Regular Expression Denial of Service (ReDoS)

Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options when used with RegExp objects and RegExp is configured with nest...

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

PT-2026-31716

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...