Lucene search
276022 matches found

GitHub Security Blog
added 2026/05/18 5:48 p.m. | 12 views

ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

An off-by-one in the meta encoder could result in an out-of-bounds read of a single byte in the meta encoder...

CVSS 5.3 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3 | Affected Software: 18
Snyk
added 2026/05/18 5:48 p.m. | 8 views

Improper Validation of Array Index

Overview: Magick.NET-Q16-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.1 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 3
Patchstack
added 2026/05/18 4:22 p.m. | 11 views

NPM: brace-expansion: Large numeric range defeats documented `max` DoS protection

NPM: brace-expansion: Large numeric range defeats documented max DoS protection vulnerability discovered by ? in WordPress Npm brace-expansion versions = 5.0.0, 5.0.6...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2026/05/18 11:23 a.m. | 8 views

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer...

AI score 6
Exploits: 0
OSV
added 2026/05/18 10:53 a.m. | 6 views

BELL-CVE-2026-6638

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 1
OSV
added 2026/05/18 10:53 a.m. | 5 views

BELL-CVE-2026-6575

Bulletin has no description...

CVSS 4.3 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 1
OSV
added 2026/05/18 8:57 a.m. | 48 views

BIT-TOMCAT-2022-25762 Response mix-up with WebSocket concurrent send and close

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

CVSS 8.6 | AI score 6.7 | EPSS 0.00646
Exploits: 0 | References: 4
SUSE Linux
added 2026/05/18 7:51 a.m. | 7 views

Security update for valkey

This update for valkey fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...

CVSS 7.7 | AI score 6.5 | EPSS 0.00119
Exploits: 4 | References: 12
The Hacker News
added 2026/05/18 6:46 a.m. | 12 views

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations...

AI score 5.8
Exploits: 0
Fedora
added 2026/05/18 12:45 a.m. | 13 views

[SECURITY] Fedora 44 Update: open-amp-2026.04.0-1.fc44

The OpenAMP framework provides software components that enable development of software applications for Asymmetric Multiprocessing AMP systems...

CVSS 9.8 | AI score 5.8 | EPSS 0.00042
Exploits: 0
VulnCheck KEV
added 2026/05/18 12:0 a.m. | 15 views

VulnCheck KEV: CVE-2025-1448

A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...

CVSS 7.5 | AI score 6.7 | EPSS 0.00914
In wild | Exploits: 0 | References: 2
NVD
added 2026/05/17 1:16 p.m. | 11 views

CVE-2018-25328

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute...

CVSS 8.6 | EPSS 0.00018
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/17 12:11 p.m. | 5 views

CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

CVSS 9.8 | AI score 6.5 | EPSS 0.00128
Exploits: 0 | References: 4
CVE
added 2026/05/17 10:45 a.m. | 20 views

CVE-2026-8750

CVE-2026-8750 affects h2oai h2o-3 up to version 7402. The vulnerability lies in the ImportFile API’s ImportFile/PersistNFS.java importFiles() function, enabling remote information disclosure due to manipulation of file persistence. Multiple sources (NVD, Red Hat, CVE listings, and PT Security) de...

CVSS 7.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/05/17 12:0 a.m. | 7 views

Alloksoft AVI DivX MPEG to DVD Converter security vulnerability

Alloksoft AVI DivX MPEG to DVD Converter is a multimedia conversion tool developed by Alloksoft Corporation, capable of converting video formats such as AVI, DivX, and MPEG, as well as creating DVDs. Version 2.6.1217 of Alloksoft AVI DivX MPEG to DVD Converter contains a security vulnerability...

CVSS 8.6 | AI score 6.5 | EPSS 0.0002
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/17 12:0 a.m. | 8 views

PT-2026-41549

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH...

CVSS 8.6 | AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 3
Circl
added 2026/05/16 6:32 a.m. | 4 views

CVE-2026-6690

creationtimestamp | type | source
---|---|---
2026-05-16 06:32:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mlx7yjc64q2l
2026-05-16 06:32:07+00:00 | seen | https://bsky.app/profile/potato.software/post/3mlx7yjq5xq27...

CVSS 7.2 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 2
OSV
added 2026/05/16 6:10 a.m. | 6 views

BELL-CVE-2026-43322 CVE-2026-43322 does not affect BellSoft software

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 1
CNNVD
added 2026/05/16 12:0 a.m. | 8 views

Kite code issue vulnerability

Kite is an AI code development tool developed by the Kite company in the United States. Version Kite 4.2.0.1 U1 contains a code vulnerability. This vulnerability stems from an unresolved service path in the KiteService Windows service, which may allow local attackers to gain elevated privileges b...

CVSS 8.5 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 1
CNNVD
added 2026/05/16 12:0 a.m. | 5 views

LayerBB SQL injection vulnerability

LayerBB is a set of small-scale forum software. Version 1.1.4 of LayerBB contains an SQL injection vulnerability. This vulnerability stems from SQL injection issues, which may allow unauthenticated attackers to inject SQL code through the searchquery parameter, thereby manipulating database queri...

CVSS 8.8 | AI score 5.9 | EPSS 0.00081
Exploits: 0 | References: 1