Vulnerabilities in libxml2 (CVE-2026-0989 CVE-2026-0990 CVE-2026-0992) affect AIX

IBM SECURITY ADVISORY First Issued: Thu May 28 14:13:09 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory11.asc Security Bulletin: Vulnerabilities in libxml2 CVE-2026-0989, CVE-2026-0990, CVE-2026-0992,...

Low Photon OS Security Update - PHSA-2026-4.0-0990

Updates of 'python3' packages of Photon OS have been released...

Slackware: Security Advisory (SSA:2026-070-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:20631-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2026:0605-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0605-1 advisory. - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in...

openSUSE Security Advisory (SUSE-SU-2026:0570-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

Ubuntu: Security Advisory (USN-7974-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

EUVD-2026-0990

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVE-2021-0990

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction ...

CVE-2025-0990

The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...

CVE-2025-0990

The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...

CVE-2025-0990

creationtimestamp| type| source ---|---|--- 2025-03-05 08:35:26+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6511 2025-03-06 02:16:26+00:00| seen| Telegram/xy9gZIc7lCDUtGezuTRUJBjPj6V-fKNqjX0EnHnTyDuFb0Pn...

CVE-2025-0990 I Am Gloria <= 1.1.4 - Cross-Site Request Forgery

The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23gloriasettingspage function. This makes it possible for unauthenticated attackers to reset the tenan...

CVE-2022-0990

Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.18...

Important: Red Hat Security Advisory: rh-postgresql12-postgresql security update

An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2024-0990 Tenda i6 httpd setAutoPing formSetAutoPing stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.93857. This affects the function formSetAutoPing of the file /goform/setAutoPing of the component httpd. The manipulation of the argument ping1 leads to stack-based buffer overflow. It is possible to initiate the attac...

CVE-2024-0990

The CVE-2024-0990 entry describes a stack-based buffer overflow in Tenda i6 1.0.0.9(3857) affecting the httpd component, specifically the formSetAutoPing function in /goform/setAutoPing. The vulnerability stems from improper validation of the ping1 parameter, enabling remote exploitation and pote...

CVE-2017-0990

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...