
17360 matches found

Snyk
added 2026/05/18 8:33 p.m., 3 views

Uncontrolled Recursion

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 3
Snyk
added 2026/05/18 8:33 p.m., 4 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 3
Snyk
added 2026/05/18 8:33 p.m., 6 views

Uncontrolled Recursion

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 3
Snyk
added 2026/05/18 8:33 p.m., 4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to insufficient validation in the MNG decoder. An attacker can cause excessive resource consumption by submitting specially crafted image files that bypass the intended list limit policy. Remediation A fix was...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 3
RedhatCVE
added 2026/05/18 7:59 p.m., 5 views

CVE-2025-67031

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00252
Exploits: 0, References: 1
Snyk
added 2026/05/18 5:48 p.m., 2 views

Off-by-one Error

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 3
Github Security Blog
added 2026/05/18 1:43 p.m., 9 views

Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML

Impact A stored cross-site scripting XSS vulnerability affected entry summary rendering in Sveltia CMS. Entry summaries that allowed limited Markdown were parsed, sanitized, and then HTML entities were decoded. This order allowed specially crafted entity-encoded HTML, such as encoded tags or even...

AI score: 5.8
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/05/18 1:43 p.m., 2 views

GHSA-97R8-RF7Q-WMJW Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML

Impact A stored cross-site scripting XSS vulnerability affected entry summary rendering in Sveltia CMS. Entry summaries that allowed limited Markdown were parsed, sanitized, and then HTML entities were decoded. This order allowed specially crafted entity-encoded HTML, such as encoded tags or even...

CVSS: 2.3, AI score: 5.8
Exploits: 0, References: 4
RedHat Linux
added 2026/05/18 12:48 p.m., 9 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00024
Exploits: 0, References: 6
NVD
added 2026/05/18 9:16 a.m., 10 views

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVSS: 6.5, EPSS: 0.00035
Exploits: 0, References: 1
Cvelist
added 2026/05/18 8:9 a.m., 37 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVSS: 6.5, EPSS: 0.00035
Exploits: 0, References: 1
OSV
added 2026/05/18 7:40 a.m., 5 views

SUSE-SU-2026:1935-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty encryptedkey field but key wrapping algorithm set can lead to a denial of service bsc1262936...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00035
Exploits: 0, References: 3
OSV
added 2026/05/18 7:40 a.m., 4 views

SUSE-SU-2026:1934-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Security issues: - CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001. - CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation bsc1265002. - CVE-2026-4892: heap-based out-of-bounds write vulnerabili...

CVSS: 8.4, AI score: 6, EPSS: 0.0024
Exploits: 4, References: 17
SUSE CVE
added 2026/05/16 1:15 a.m., 7 views

SUSE CVE-2026-8538

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. Chromium security severity: High...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00092
Exploits: 0, References: 3
SUSE CVE
added 2026/05/16 1:14 a.m., 5 views

SUSE CVE-2026-8553

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00035
Exploits: 0, References: 3
Microsoft CVE
added 2026/05/16 12:21 a.m., 8 views

Chromium: CVE-2026-8578 Out of bounds read in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00027
Exploits: 0
Microsoft CVE
added 2026/05/16 12:21 a.m., 6 views

Chromium: CVE-2026-8571 Insufficient policy enforcement in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.3, AI score: 5.8, EPSS: 0.00114
Exploits: 0
Microsoft CVE
added 2026/05/16 12:21 a.m., 5 views

Chromium: CVE-2026-8552 Heap buffer overflow in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00035
Exploits: 0
Packet Storm News
added 2026/05/16 12:0 a.m., 4 views

Integration of AI in Cybersecurity: Current Trends with a Focused Look at Intrusion Detection Applications

Artificial Intelligence AI is widely adopted today for its ability to detect patterns, automate tasks, and reduce time and cost across various applications. Its integration into Cybersecurity has garnered significant attention, particularly in areas such as intrusion detection, malware analysis,...

AI score: 5.8
Exploits: 0
Cvelist
added 2026/05/15 7:21 p.m., 31 views

CVE-2026-45339 Open WebUI: API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...

CVSS: 6.5, EPSS: 0.00034
Exploits: 1, References: 1