PT-2026-50831

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...

CGA-VGPQ-XPP4-4J5V

Bulletin has no description...

GO-2026-5062 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

GO-2026-5061 Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

Malicious code in clx-cookie-signature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3 Package impersonates the popular cookie-signature library copying its README, author field 'TJ Holowaychuk ', and sign/unsign API, but index.js adds ...

MINI-GCCG-J4M6-Q6Q8

Bulletin has no description...

MINI-FFXM-53GJ-7FJ8

Bulletin has no description...

MINI-3J4Q-6399-W2VJ

Bulletin has no description...

MINI-QV8G-W4FH-GCW6

Bulletin has no description...

MINI-CFRM-3MMP-VWW9

Bulletin has no description...

MINI-66FW-HHCR-C3H3

Bulletin has no description...

MINI-MXXH-J2PP-8VGH

Bulletin has no description...

MINI-85W5-HJ2C-F94G

Bulletin has no description...

MINI-XX9F-G688-P765

Bulletin has no description...

MINI-96R5-MWW4-57FV

Bulletin has no description...

MINI-CR4R-JQ7Q-4943

Bulletin has no description...

MINI-56V4-589W-QFJX

Bulletin has no description...

MINI-JWR2-P5V2-4VR3

Bulletin has no description...

MINI-H5VJ-HMVQ-QWG5

Bulletin has no description...

MINI-C89C-P3Q5-MP27

Bulletin has no description...