JLSEC-2026-346

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FLreggclist of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

JLSEC-2026-312

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MMxstrdup in H5MM.c called from H5Genttolink in H5Glink.c...

JLSEC-2026-302

HDF5 Library through 1.14.3 has a SEGV in H5Aclose in H5Aint.c, resulting in the corruption of the instruction pointer...

JLSEC-2026-350

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FLmalloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

JLSEC-2026-320

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5Dscattermem in H5Dscatgath.c...

DOMXSSScanner

DOM XSS Scanner & PoC Generator Developed by Vishal Bharad...

CLSA-2026-1777446434 gdb: Fix of CVE-2019-1010180

CVE-2019-1010180: add warning for corrupt ELF section size larger than file...

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0.18 (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Services on OpenShift 18.0.18 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer

It was discovered that there is a way to bypass HTML escaping in the HTML writer using custom number format codes. The Problem In Writer/Html.php around line 1592, the code checks if the formatted cell data equals the original data to decide whether to apply htmlspecialchars: php if $cellData ===...

GHSA-HRMW-QPRP-WGMC PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer

It was discovered that there is a way to bypass HTML escaping in the HTML writer using custom number format codes. The Problem In Writer/Html.php around line 1592, the code checks if the formatted cell data equals the original data to decide whether to apply htmlspecialchars: php if $cellData ===...

GHSA-6WPP-88CP-7Q68 PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer

Summary The HTML Writer in PhpSpreadsheet bypasses htmlspecialchars output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text e.g., @ "items" or "Total: "@. This allows an attacker to inject arbitrary HTML and JavaScript into the...

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS in the HTML generation process when a cell uses a custom number format containing the @ text placeholde...

PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer

Summary The HTML Writer in PhpSpreadsheet bypasses htmlspecialchars output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text e.g., @ "items" or "Total: "@. This allows an attacker to inject arbitrary HTML and JavaScript into the...

SUSE-SU-2026:1640-1 Security update for freerdp2

This update for freerdp2 fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

CLSA-2026-1777369264 wireshark: Fix of CVE-2022-0586

CVE-2022-0586: fix infinite loop in RTMPT dissector rtmptgetamflength...

CVE-2026-41607 Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-40980

In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...

EUVD-2026-26000

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

Exploit for Stack-based Buffer Overflow in Asustor Data_Master

CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...