20 matches found
CVE-2026-11362 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The format_event method used by the event method does not validate the content of the tags, whi...
CVE-2026-11362
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The format_event method used by the event method does not validate the content of the tags, whi...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016493 advisory. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority tha...
OESA-2026-2188 uriparser security update
The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...
CLSA-2026-1777296725 Fix CVE(s): CVE-2026-35414
SECURITY UPDATE: mishandling of authorized_keys principals option - debian/patches/CVE-2026-35414.patch: replace match_list with xstrdup + strsep + exact strcmp in match_principals_option in auth2-pubkey.c, so certificate principals containing embedded commas are no longer wrongly cross-matched. -...
JLSEC-2026-78
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...
Security update for uriparser
This update for uriparser fixes the following issues: CVE-2025-67899: large input containing many commas can cause unbounded recursion and stack consumption (bsc#1255000). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
UBUNTU-CVE-2025-67899
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ParseMustBeSegmentNzNc function when processing large input containing many commas. An attacker can cause excessive stack consumption and application crash by supplying specially crafted input. Remediation...
CVE-2025-67899
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-917)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-917 advisory. During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the...
PT-2025-51176
Name of the Vulnerable Software and Affected Versions uriparser versions through 0.9.9 Description The software is susceptible to an issue involving unbounded recursion and stack consumption. This occurs when processing large inputs containing numerous commas, specifically when using the...
Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART3.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...
Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...
Microsoft Windows Defender - VBScript Detection Bypass Vulnerability
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...
Windows Defender Detection Mitigation Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...
The vulnerability of the SAP BusinessObjects BW Publisher Service software integration platform lies in the lack of commas in the syntax of elements or search paths, which allows attackers to exploit this to increase their privileges.
The vulnerability of the SAP BusinessObjects BW Publisher Service software integration platform is related to the absence of commas in the syntax of elements or search paths. Exploiting this vulnerability can allow attackers to enhance their privileges...
Siemens network software vulnerabilities, related to the lack of commas in the syntax of elements or search paths, allow attackers to execute arbitrary code with elevated privileges.
The vulnerability of Siemens network software is related to the absence of commas in the syntax of elements or search paths. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...
The vulnerability of TeamViewer’s remote control software lies in the lack of commas in the syntax of certain elements or search paths. This allows a hacker to intercept the administrator’s password hash.
The vulnerability of TeamViewer’s remote control software lies in the lack of commas in the syntax of certain elements or search paths. Exploiting this vulnerability allows a malicious actor to intercept the administrator’s password hash...
Regular Expression Denial Of Service (ReDoS)
brace-expansion is vulnerable to regular expression denial of service ReDoS attacks. A malicious user can pass a string containing a large amount of commas to cause the package to hang...