CVE Vulnerabilities - 12 March 2026
831 vulnerabilities published on 12 March 2026
ImageMagick's YUV decoder can crash or leak memory
CVE-2026-25986
GHSA-mqfc-82jx-3mr2
A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel...
5.3
ImageMagick SIXEL File Processing Can Cause Data Loss
CVE-2026-25970
GHSA-xg29-8ghv-v4xr
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when proc...
5.3
GPAC SVG Parser Can Write Outside Its Memory Limits
CVE-2026-4016
A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/loa...
4.8
GPAC TeXML File Parser Allows Local Attackers to Crash the Program
CVE-2026-4015
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component Te...
4.8
mold Compiler: Potential Code Execution Risk
CVE-2026-3994
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the fil...
5.3
Rui314 Mold through 2.40.4 allows local attackers to crash the program
CVE-2026-3994
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the fil...
4.8
QuickJS up to 0.12.1 allows local attackers to crash the system
CVE-2026-3979
A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation...
4.8
yauzl Library for Node.js Can Crash from Malformed Zip File
CVE-2026-31988
GHSA-gmq8-994r-jv83
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within ...
6.9
Mirror Registry lets attackers access internal systems with fake URLs
CVE-2026-2376
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by provi...
4.9
Inspektor Gadget: Data Loss When Ring Buffer is Full
CVE-2026-31890
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to...
4.8
OpenClaw: Bypassing Gateway Authentication for Plugin Channels
GHSA-8j2w-6fmm-m587
Gateway auth for plugin channel endpoints can be bypassed when path canonicalization differs between the gateway guard and plugin handler ...
4.8
StudioCMS: Admins Can Create Additional Admin Accounts
CVE-2026-32106
GHSA-wj56-g96r-673q
The REST API `createUser` endpoint uses string-based rank checks that only block creating `owner` accounts, while the Dashboard API uses `...
4.7
Trix Editor Allows Malicious Code to Run in User Session
GHSA-qmpg-8xg6-ph5q
The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a `data-trix-serialized-attributes` attribute bypasses the ...
4.6
Backstage Scaffolder Backend: Default Environment Secrets Leak
GHSA-8wq8-6859-qx77
CVE-2026-32237
### Impact ...
4.4
ImageMagick: Out of bounds read when blurring images
CVE-2026-30935
GHSA-cqw9-w2m7-r2m2
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` oper...
4.4
Apache HTTP Server mod_proxy_cluster CRLF Injection via INFO Endpoint
CVE-2026-3234
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote ...
4.3
itsourcecode Payroll Management System: Employee Deductions Manipulation Risk
CVE-2026-3993
A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_...
5.3
CesiumJS: Sandcastle Demo Code Exposes Users to Remote Attacks
CVE-2026-3990
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcast...
5.3
Reading progressbar WordPress Plugin: Admin Privileges Exploit via Stored Malicious Code
CVE-2026-2687
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such a...
4.3
Unauthenticated users can change booking status in Timetics WordPress plugin
CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a bo...
4.3
itsourcecode University Management System: Remote Code Execution through /view_result.php
CVE-2026-3982
A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the fil...
5.3
LearnPress – WordPress LMS Plugin: Unauthorized Email Notifications
CVE-2026-3226
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability check...
4.3
GitLab: Authenticated users may access confidential issue titles in public projects
CVE-2026-1182
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could h...
4.3
ImageMagick MSL encoder can cause data corruption or crashes
CVE-2026-28688
GHSA-xxw5-m53x-j38c
A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so ...
4.0
ProjectSend has a path traversal vulnerability in Delete Handler
CVE-2026-4044
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Ha...
5.1