These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-44932 is a HIGH severity vulnerability with a CVSS score of 8.8. The vulnerability exists in the wicked DHCP client before version 0.6.79, where unsanitized strings from DHCP replies can be used by attackers operating a malicious DHCP server to execute code on the local machine. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
CVE-2025-71261 is a high-severity vulnerability in SUSE Harvester that allows an attacker with network-level access between the SUSE Virtualization and Rancher Manager to interfere with the TLS handshake and bypass TLS as a security control. The vulnerability has a CVSS score of 8.6 and is classified as HIGH.
CVE-2026-44933 describes a weakness in PluginScript’s attempt to chroot plugins to repoManagerRoot. In common configurations, that target may be the system root (/), or the process may be run with --root, making the chroot ineffective. When the chroot is a no-op, traversed paths may reach host binaries such as /bin/bash and execute them with root privileges. NVD currently lists the vulnerability as Deferr [truncated]
CVE-2026-41054 is a local privilege-escalation issue in the command-socket handling path described for src/havegecmd.c. According to the NVD record, the code checks the connecting user on the abstract UNIX socket and prepares a negative acknowledgement for non-root callers, but execution continues into the command switch anyway. That means an unprivileged local user may be able to reach privileged command [truncated]
CVE-2016-2318 describes a denial-of-service condition in GraphicsMagick 1.3.23 triggered by crafted SVG content. NVD records the weakness as CWE-476 (NULL pointer dereference) and rates the issue CVSS 3.0 5.5/Medium. The CVE data ties the issue to SVG parsing/rendering paths including DrawImage, SVGStartElement, and TraceArcPath. Systems that process untrusted SVG files through affected GraphicsMagick bui [truncated]
CVE-2016-2317 is a denial-of-service vulnerability in GraphicsMagick 1.3.23 caused by multiple buffer overflows while processing crafted SVG content. The issue is described as affecting the TracePoint function in magick/render.c, GetToken in magick/utility.c, and GetTransformTokens in coders/svg.c. According to the NVD record, the impact is availability-only (CVSS 5.5, medium), and the published CVSS vect [truncated]