347 matches found

AstraLinux
added 5 days ago | 2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/i8259: The legacy PIC interrupts have been marked with the IRQLEVEL flag. Baoquan reported that after triggering a crash, the subsequent boot process fails about half of the time. This occurs due to a NULL pointer dereference...

5.5 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits 0 | References 2
NVD
added 2026/06/17 5:16 p.m. | 9 views

CVE-2026-20181

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.1 CVSS | 0.00616 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/06/17 12:0 a.m. | 11 views

PT-2026-50459

Name of the Vulnerable Software and Affected Versions: Cisco ISE (affected versions not specified); Cisco ISE-PIC (affected versions not specified). Description: Improper authorization checks when accessing a resource could allow an unauthenticated, remote attacker to view sensitive information on an...

7.5 CVSS | 5.8 AI score | 0.00407 EPSS
Exploits 0 | References 17
Vulnrichment
added 2026/06/15 12:0 p.m. | 5 views

CVE-2016-20078 WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9 CVSS | 5.4 AI score | 0.00688 EPSS
Exploits 0 | References 3
CVE
added 2026/06/09 12:0 a.m. | 11 views

CVE-2026-36796

CVE-2026-36796 affects Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware v15.11.0.5. The issue is a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function, enabling a remote attacker to trigger Denial of Service via a crafted HTTP request. CVSS v3.1 metrics indicat...

7.5 CVSS | 5.6 AI score | 0.00397 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/05/18 12:0 a.m. | 12 views

PT-2026-41666

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic filename results in path traversal. The attack may be launched remotely. The patch is...

5.3 CVSS | 5.6 AI score | 0.0039 EPSS
Exploits 0 | References 7
CNNVD
added 2026/05/18 12:0 a.m. | 7 views

Open Source Point of Sale path traversal vulnerability

Open Source Point of Sale is an open-source sales point system based on the Open Source Point of Sale framework. Versions of Open Source Point of Sale 3.4.2 and earlier have a path traversal vulnerability. This vulnerability arises from the operation of the getPicThumb function in the...

5.3 CVSS | 5.9 AI score | 0.0039 EPSS
Exploits 0 | References 1
SUSE CVE
added 2026/05/16 1:11 a.m. | 8 views

SUSE CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 3
Snyk
added 2026/05/14 9:23 p.m. | 7 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the softimageinput.cpp process when handling RLE decoding. An attacker can cause a heap buffer overflow by submitting a crafted .pic file with a manipulated run length value that exceeds the scanline width...

8.4 CVSS | 6 AI score | 0.00173 EPSS
Exploits 1 | References 2
NVD
added 2026/05/14 8:17 p.m. | 8 views

CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 0.00173 EPSS
Exploits 1 | References 1
OSV
added 2026/05/14 8:17 p.m. | 4 views

DEBIAN-CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

7.8 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 1
UbuntuCve
added 2026/05/14 8:17 p.m. | 6 views

CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 2
OSV
added 2026/05/14 8:17 p.m. | 6 views

UBUNTU-CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 3
AlpineLinux
added 2026/05/14 7:9 p.m. | 6 views

CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 1
EUVD
added 2026/05/14 7:9 p.m. | 9 views

EUVD-2026-30392

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 1
CVE
added 2026/05/14 7:9 p.m. | 17 views

CVE-2026-43904

OpenImageIO prior to 3.0.18.0 and 3.1.13.0 has a heap overflow in the RLE decoder for the Softimage PIC path (softimageinput.cpp:469 and :345) because run length is not clamped to scanline width before writing pixels. The raw packet path clamps correctly, but the RLE paths do not, allowing a craf...

8.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2026/05/14 7:9 p.m. | 40 views

CVE-2026-43904 OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4 CVSS | 0.00173 EPSS
Exploits 1 | References 1
vulnersOsv
added 2026/05/06 4:44 p.m. | 5 views

pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29090 via rucio (=1.30.5)

rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: pic-rucio >=0.0.1, <=2024.10.3.71620. Source cves: CVE-2026-29090. Source advisory: OSV:GHSA-6J7P-QJHG-9947...

9 CVSS | 5.8 AI score | 0.00301 EPSS
Exploits 0
vulnersOsv
added 2026/05/06 4:44 p.m. | 6 views

pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29090 via rucio (=1.30.5)

rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: pic-rucio >=0.0.1, <=2024.10.3.71620. Source cves: CVE-2026-29090. Source advisory: SNYK:PYTHON-RUCIO-16635087...

9 CVSS | 5.8 AI score | 0.00301 EPSS
Exploits 0
vulnersOsv
added 2026/05/06 4:42 p.m. | 7 views

pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29080 via rucio (=1.30.5)

rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: pic-rucio >=0.0.1, <=2024.10.3.71620. Source cves: CVE-2026-29080. Source advisory: OSV:GHSA-VJR5-C9QV-HGM3...

9.4 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits 0