OSV-2026-879 Heap-use-after-free in lsr_restore_base

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520664955 Crash type: Heap-use-after-free READ 8 Crash state: lsrrestorebase lsrreadpolygon lsrreadscenecontentmodel...

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

📄 Cockpit CMS 2.13.5 Cross Site Scripting

Cockpit CMS version 2.13.5 suffers from a persistent cross site scripting vulnerability in the content model display template. The $interpolate function in /modules/App/assets/js/app/utils.js uses new Function to evaluate template strings, allowing arbitrary JavaScript execution. Any authenticate...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the convcontentmodel function when parsing an inline document type definition containing a deeply nested content model. An attacker can cause a stack overflow and crash the process by providing specially crafte...

CVE-2026-4224

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash. Mitigation Mitigatio...

EUVD-2026-12486

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

ALPINE-CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

UBUNTU-CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

PSF-2026-12

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

PT-2026-25791

Name of the Vulnerable Software and Affected Versions Expat affected versions not specified Description The Expat parser, when used with a registered ElementDeclHandler, is susceptible to a C stack overflow when processing an inline document type definition with a deeply nested content model. Thi...

EUVD-2014-9324

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-44856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via...

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow vi DFAContentModel::countLeafNodes and DFAContentModel::buildDFA. An attacker can cause out-of-bound access by sending a specially crafted HTTP request. Remediation Upgrade xerces-c to version 3.2.4 o...

CVE-2023-37649

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data...

Cockpit CMS 安全漏洞

Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit CMS version 2.5.2, which stems from an improper access control issue in component/models/Content that could allow an unauthorized attacker to access sensitive data...

DEBIAN-CVE-2021-44856

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value...