4
CVE-2026-28688 - ImageMagick has a heap use-after-free in the MSL encoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write ca…
5.3
CVE-2026-28687 - ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability …
6.8
CVE-2026-28686 - ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-buffer-overflow vulnerability exists in the PCL encoder due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
7.1
CVE-2026-28494 - ImageMagick affected by stack corruption through long morphology kernel names or arrays
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size …
6.5
CVE-2026-28493 - ImageMagick has an Integer Overflow leading to out of bounds write in SIXEL decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out of bounds write via a specially crafted image. This vulnerability…
2.3
CVE-2026-28433 - Misskey lacks resource ownership validation
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be relativ…
7.1
CVE-2026-28432 - HTTP signature verification can be bypassed
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or …
9.2
CVE-2026-28431 - Misskey lacks proper authorization checks and input validation
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper in…
6.3
CVE-2026-26982 - Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop o…
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop mal…
8.2
CVE-2026-31802 - node-tar Symlink Path Traversal via Drive-Relative Linkpath
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() …