12701 matches found
CVE-2026-53426 Atom-table exhaustion denial-of-service via JSON parse_document in MDEx
Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a :json, json source. In lib/mdex.ex, the private jsontonode/1 function passes the attacker-controlled node_type value to Module.concat/1, which calls...
CVE-2026-53426
Summary: CVE-2026-53426 affects the MDEx JSON parser. An attacker-controlled node_type in JSON fed to MDEx.parse_document/2 causes repeated String.to_atom/1 calls via Module.concat/1, creating permanent atoms and eventually exhausting the BEAM atom table. Consequence is unauthenticated denial-of-...
CVE-2026-13573
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...
CVE-2026-53265
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock. Commit 2d1f7b65f5de ("dm cache policy smq: fix missing locks in invalidating cache blocks") added mq->lock around the destructive part of smq_invalidate_mapping(), but left the...
EUVD-2026-40115
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...
CVE-2026-13573
CVE-2026-13573 affects the LLVM project (up to 22.1.6), specifically the ValueSymbolTable module’s file lib/IR/ValueSymbolTable.cpp and its function StringMap::insert. The issue is a stack-based buffer overflow introduced in that function, enabling a local attacker to exploit it. The exploit has ...
CVE-2026-13573 llvm llvm-project ValueSymbolTable ValueSymbolTable.cpp insert stack-based overflow
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...
CVE-2026-56124 phpUploader < 2.0.2 Unauthenticated Database Exposure via index model
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...
WP Pricing Table - Reflected XSS
WP Pricing Table WordPress plugin = 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13628 info: name: WP Pricing Table -...
WordPress ARPrice <3.6.1 - SQL Injection
WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...
Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
CVE-2026-9233
CVE-2026-9233 affects the WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker up to version 11.1.4. The root cause is an authorization bypass in the AJAX action qsm_insert_quiz_template, allowing authenticated users with contributor-level access and above to create, modif...
EUVD-2026-31691
Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes...
CVE-2026-53053
A flaw was found in the Linux kernel's IOMMU (Input/Output Memory Management Unit) AMD driver. The clone_alias function incorrectly uses the device ID (devid) when handling alias devices. This can lead to the propagation of wrong or stale Device Table Entry (DTE) entries to alias devices, potentially...
Malicious code in react-dynammic-table-component (npm)
Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...
CVE-2026-52981
A flaw was found in the Linux kernel. The neigh_xmit function, when called with an uninitialized neighbor table such as NEIGH_ND_TABLE when IPv6 is disabled, can return an error without properly releasing the allocated skb (socket buffer). This can lead to a memory leak, potentially impacting system...
CVE-2026-53020
A flaw was found in the Linux kernel. A race condition can occur during Translation Lookaside Buffer (TLB) synchronization when the page table is traversed and modified without properly holding the necessary page table lock. This vulnerability may allow for unpredictable system behavior or...
CVE-2026-53109
A flaw was found in the Linux kernel's powerpc page table fragment handling. During process exit, a race condition can occur where a page table fragment's active flag is not properly cleared. This can lead to a "bad page state" error, potentially causing system instability or a Denial of Service...
CVE-2026-53060
A flaw was found in the Linux kernel's device-mapper (dm) cache metadata. This memory leak vulnerability occurs when the dm_cache_metadata_abort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...