CLSA-2026-1775725743 ImageMagick: Fix of 3 CVEs

CVE-2025-66628: fix integer overflow in TIM parser - CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28693: fix integer overflow in DIB coder...

RLSA-2026:6259 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

CVE-2026-40025

A flaw was found in The Sleuth Kit. An attacker can exploit this vulnerability by crafting a malicious Apple File System APFS disk image. This flaw allows for an out-of-bounds read in the APFS filesystem keybag parser, specifically within the wrappedkeyparser class, due to a lack of bounds checki...

CVE-2026-40026

A flaw was found in The Sleuth Kit's ISO9660 filesystem parser. An attacker can craft a malicious ISO image that exploits an out-of-bounds read vulnerability in the parsesusp function. This vulnerability occurs because the function trusts length fields from the disk image without proper validatio...

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1 Vulnerability Details CVEID:CVE-2024-58340 DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.pars...

RLSA-2026:6750 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStream...

EUVD-2026-20765

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

EUVD-2026-20761

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

js-video-url-parser 安全漏洞

js-video-url-parser is a JavaScript library developed by Julian Hangstörfer for parsing video URL information. Versions of js-video-url-parser 0.5.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the handling of the timestamp parameter in the getTime function in the...

RockyLinux 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:6259)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6259 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

Linux Distros Unpatched Vulnerability : CVE-2026-40026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, a...

SUSE CVE-2026-33033

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

SUSE CVE-2026-34080

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...

CVE-2026-40027

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

DEBIAN-CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

CVE-2026-40026

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

UBUNTU-CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...