Lucene search
K

33 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40450

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 10:8 p.m.8 views

CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:8 p.m.26 views

CVE-2026-56377

ImageMagick vulnerable to a policy- bypass due to an incorrect path check in sandboxed conversion services. Affects ImageMagick before 7.1.2-24, where a crafted request could allow remote or local attackers to create or truncate files outside allowed boundaries by bypassing path policy restrictio...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy was enforced on the raw filename string before the filesystem resolved it. As a result, policy rules such as /etc/ could be...

8.6CVSS7.2AI score0.00671EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 9:45 p.m.11 views

mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/07 9:45 p.m.4 views

GHSA-J7H9-2JH7-G967 mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

8.7CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-36919

Name of the Vulnerable Software and Affected Versions fast-uri versions prior to 3.1.1 Description The normalize and equal functions decode percent-encoded path separators and dot segments before performing dot-segment removal. This causes encoded path data to be treated as actual slashes and...

7.5CVSS5.8AI score0.00521EPSS
Exploits0References251
Snyk
Snyk
added 2026/03/10 9:2 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.2CVSS5.8AI score0.00108EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 9:2 p.m.3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the FileToBlobI function, involving path policy enforcement. An attacker can perform a symlink swap after authorization on a domain="path" to bypass access restrictions. Remediation A f...

7.2CVSS5.8AI score0.00108EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 9:2 p.m.6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.2CVSS5.9AI score0.00108EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 9:2 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

7.2CVSS5.8AI score0.00108EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 9:2 p.m.2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.2CVSS5.9AI score0.00108EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/10 9:2 p.m.5 views

ImageMagick has a Path Policy TOCTOU symlink race bypass

domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write...

6.3CVSS5.8AI score0.00108EPSS
Exploits0References4Affected Software19
OSV
OSV
added 2026/03/10 9:2 p.m.2 views

GHSA-493F-JH8W-QHX3 ImageMagick has a Path Policy TOCTOU symlink race bypass

domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write...

6.3CVSS5.8AI score0.00108EPSS
Exploits0References4
OSV
OSV
added 2026/03/10 7:43 a.m.5 views

UBUNTU-CVE-2026-28689

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...

6.3CVSS5.8AI score0.00108EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/09 9:39 p.m.2 views

CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...

6.3CVSS5.8AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 9:39 p.m.44 views

CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...

6.3CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 9:39 p.m.59 views

CVE-2026-28689

ImageMagick contains a TOCTOU path policy bypass: a symlink swap between check-time and use-time can bypass domain="path" policy checks, enabling unintended read/write. Affected versions are prior to 7.1.2-16 and 6.9.13-41. The CVSS vector indicates LOCAL, LOW privileges, HIGH confidentiality/int...

6.3CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/09 9:39 p.m.2 views

CVE-2026-28689

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...

6.3CVSS5.8AI score0.00108EPSS
Exploits0
OSV
OSV
added 2026/03/09 9:39 p.m.5 views

CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...

6.3CVSS5.8AI score0.00108EPSS
Exploits0References3
Rows per page
Query Builder