ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

The shipped “secure” security policy includes a rule intended to prevent reading/writing from standard streams: xml However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. This path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of...

CVE-2026-25966

CVE-2026-25966 concerns ImageMagick’s security policy bypass via fd: pseudo-filenames (e.g., fd:0, fd:1). Prior to 7.1.2-15 and 6.9.13-40, the policy did not block this path form, allowing potential local access to stdin/stdout. A patch was added to more secure policies by default in 7.1.2-15/6.9...

CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior...

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior...

CVE-2019-11543

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

EUVD-2017-9090

Malware in sbrugna...

EUVD-2024-51761

Malicious code in bioql PyPI...

EUVD-2024-50563

Malicious code in bioql PyPI...

EUVD-2024-42720

Malicious code in bioql PyPI...

EUVD-2023-43070

Malicious code in bioql PyPI...

EUVD-2024-19629

Malicious code in bioql PyPI...

EUVD-2022-38145

Malicious code in bioql PyPI...

EUVD-2025-24257

Malicious code in bioql PyPI...

EUVD-2025-24255

Malicious code in bioql PyPI...

EUVD-2025-20509

Malicious code in bioql PyPI...

EUVD-2024-38337

Malicious code in bioql PyPI...

EUVD-2025-24254

Malicious code in bioql PyPI...

EUVD-2024-26222

Malicious code in bioql PyPI...

EUVD-2025-27284

Malicious code in bioql PyPI...