142 matches found
NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) vulnerability discovered by ? in npm package md-fileserver versions 1.10.3...
CVE-2026-41989 affecting package libgcrypt for versions less than 1.10.3-2
CVE-2026-41989 affecting package libgcrypt for versions less than 1.10.3-2. A patched version of the package is available...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of yaml JavaScript library
Summary: Due to use of the yaml JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service (DoS) vulnerability. Vulnerability Details: CVEID: CVE-2026-33532 DESCRIPTION: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document...
CVE-2026-25541 affecting package netavark for versions less than 1.10.3-7
CVE-2026-25541 affecting package netavark for versions less than 1.10.3-7. A patched version of the package is available...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
DEBIAN-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
UBUNTU-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
YAML security vulnerability
YAML is a parsing and serialization library developed by Eemeli Aro that supports the YAML 1.1 and 1.2 standards. Versions of YAML prior to 1.10.3 and 2.8.3 contain a security vulnerability. It stems from recursive function calls without a depth limit during node...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...
CVE-2026-25793
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...
CVE-2026-25793 Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...
CVE-2026-25793
Nebula (versions 1.7.0–1.10.2) is vulnerable when CURVE_P256 is used. An ECDSA Signature Malleability flaw allows copying a certificate to produce a different fingerprint, enabling blocklist bypass for fingerprint-based entries. The issue is fixed in version 1.10.3. Impact is described as high (c...
PT-2026-6835
Name of the Vulnerable Software and Affected Versions: Nebula versions 1.7.0 through 1.10.2. Description: Nebula is a scalable overlay networking tool. When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a...
CVE-2026-24884
Compressing is a compressing and uncompressing lib for node. In versions 1.10.3 and prior, and in version 2.0.0, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...
compressing link following vulnerability
Compressing is a compression and decompression library open-sourced by node-modules. Compressing versions 1.10.3 and earlier, as well as version 2.0.0, have a link following (symbolic link) vulnerability. It arises from not verifying symbolic link targets when extracting TAR archives, which ma...
GHSA-CC8F-XG8V-72M3 Compressing Vulnerable to Arbitrary File Write via Symlink Extraction
Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing. Brief Introduction: The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...