483 matches found
Astra Linux - vulnerability in firefox, thunderbird, expat
nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
Astra Linux - vulnerability in firefox, thunderbird, expat
The lookup function in xmlparse.c within Expat also known as libexpat has an integer overflow before version 2.4.3...
Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017351)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017351 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too fe...
CVE-2026-7179 OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...
EUVD-2026-25932
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...
PT-2026-35536
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path...
Binwalk path traversal vulnerability
Binwalk is a fast and easy-to-use tool open sourced by ReFirm Labs. It is used for analysis, reverse engineering, and extracting firmware images. Versions of Binwalk 2.4.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of the parameter self.filena...
EUVD-2026-25150
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
SUSE SLES16 Security Update : dovecot24 (SUSE-SU-2026:21208-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21208-1 advisory. - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031:...
CVE-2026-25355 WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Sanzo sanzo allows Stored XSS. This issue affects Sanzo: from n/a through 2.4.3...
CVE-2026-25355
The CVE affects WordPress Sanzo theme versions prior to 2.4.3. Root cause: improper neutralization of input during web page generation, enabling stored cross-site scripting (XSS) in Sanzo pages. Impact is characterized as stored XSS with a CVSS v3.1 base score of 6.5 (MEDIUM): network attack comp...
PT-2026-27916
Name of the Vulnerable Software and Affected Versions: skygroup Sanzo versions prior to 2.4.3. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential cross-site scripting (XSS) issue. Specifically, the vulnerability allo...
WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Sanzo versions 2.4.3...
CVE-2026-27458
LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...
CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description
LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...
CVE-2026-27458
LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...
RHSA-2026:2823 Red Hat Security Advisory: Updated discovery-cli release RPM versions 2.4.3
Bulletin has no description...
CVE-2026-25804
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies wi...
CVE-2026-25804
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies wi...
CVE-2026-25804 Antrea has invalid enforcement order for network policy rules caused by integer overflow
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies wi...