CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had an issue with incorrect parsing of filenames, which could lead to a policy bypass and reading disallowed files using symlinks.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had a missing check of a return value, which could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.
ImageMagick prior to versions 6.9.13-49 and 7.1.2-24 had a stack overflow vulnerability due to a missing depth or visited-set check in MVG files. This issue has been patched in the mentioned versions.
ImageMagick prior to versions 6.9.13-49 and 7.1.2-24 contained a flaw that could lead to an infinite loop during the subimage-search operation when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.
ImageMagick prior to version 7.1.2-24 has a heap buffer over-write vulnerability when using an image with a mask with the Floyd-Steinberg dithering method.
Dulwich, a pure-Python implementation of Git file formats and protocols, has a vulnerability that allows a client with push access to send a small crafted pack, leading to the allocation of a huge amount of memory. The issue affects versions from 0.1.0 to 1.2.5 and is patched in version 1.2.5.
Boxlite is a sandbox service that allows users to create lightweight virtual machines and launch OCI containers. In versions 0.8.2 and prior, Boxlite uses the SIGALRM signal to terminate processes after a timeout, which can be exploited by malicious code to continue running, leading to resource exhaustion.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed an attacker to cause a heap buffer over-read in the server process if they could connect to a magick -distribute-cache service.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 had a distributed pixel cache that operated without a challenge-response authentication model. Changes have been made in newer versions to enhance security.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed an attacker to hijack a file descriptor in the server process when a race condition occurred. This issue has been patched in the mentioned versions.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed an attacker to perform a heap buffer over-write in the server process if they had access to the magick -distribute-cache service.
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check, allowing authenticated users to access model data despite restrictions set by developers.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a flaw in JP2 checking that could lead to a heap buffer over-write of a single byte when certain options were specified. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
ImageMagick prior to version 7.1.2-23 has a vulnerability that can lead to a stack overflow in the fx operation due to a missing depth check when passing a crafted argument.
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed for an out of bounds write when using LZMA compression in the MIFF encoder due to a missing check.
In the Yamcs framework, prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in the `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
Simple Link Directory version 9.0.4 improperly processes shortcode attributes, leading to their reflection in HTML data attributes without proper escaping. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.
Simple Link Directory version 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload can break out of the string and run script for every page visitor.
The Yoast Duplicate Post plugin up to version 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.

