23 matches found
CVE-2026-46559 ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...
CVE-2026-41250
Summary: CVE-2026-41250 affects Taiga-front prior to version 6.9.1, where a stored XSS vulnerability exists. The issue is fixed in 6.9.1. The provided CVSS metrics indicate a base score of 5.7 (Medium) with network access, low attack complexity, required user interaction, and high confidentiality...
CVE-2026-41250
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
Taiga 跨站脚本漏洞
Taiga is an open-source project management tool developed by Taiga Open Source. Versions of Taiga prior to 6.9.1 had a cross-site scripting vulnerability, which allowed attackers to inject malicious scripts into front-end input fields...
CVE-2026-33123
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...
Linux Distros Unpatched Vulnerability : CVE-2026-33123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or...
pypdf has inefficient decoding of array-based streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries. Patches This has been fixed in pypdf==6.9.1. Workarounds If you cannot upgrade yet, consider applying the...
PYSEC-2026-117
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...
CVE-2026-21886
OpenCTI CVE-2026-21886 describes a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation that could let a user delete unrelated or sensitive objects (e.g., analyses, reports) due to lack of contextual checks. Affected software: OpenCTI prior to version 6.9.1. Root cause: API mut...
CVE-2026-21886
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...
BIT-WORDPRESS-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2026-28692
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...
CVE-2025-66428
An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...
WebPros WordPress Toolkit security vulnerabilities
The WebPros WordPress Toolkit is a WordPress management platform provided by the Swiss company WebPros. Versions of the WebPros WordPress Toolkit prior to 6.9.1 contained security vulnerabilities; these vulnerabilities were caused by issues with the WordPress directory names, which could lead to...
CVE-2025-47566
CVE-2025-47566 refers to a Cross‑Site Scripting vulnerability in the ZoomSounds WordPress plugin. The description and connected docs confirm it is a Reflected XSS caused by improper neutralization of input during web page generation, affecting ZoomSounds:
OESA-2025-2494 qt5-qtimageformats security update
The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats. Security Fixes: When...
CVE-2025-24525
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...
CVE-2025-24525
CVE-2025-24525 affects Keysight Ixia Vision Product Family. The issue arises from hardcoded cryptographic material, which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the TLS certificate shipped with the device is not replaced. ...
PT-2025-40033
Name of the Vulnerable Software and Affected Versions Keysight Ixia Vision versions prior to 6.9.1 Description Keysight Ixia Vision contains hardcoded cryptographic material. This may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication. The...
CVE-2025-47568
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91...