182 matches found
EUVD-2026-43563
luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...
CVE-2026-62184
luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...
CVE-2026-12590
A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...
CVE-2026-15308
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
CVE-2026-58380
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...
Linux Distros Unpatched Vulnerability : CVE-2026-58379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code...
SUSE-SU-2026:2755-1 Security update for xdg-dbus-proxy
This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...
CVE-2026-9563
A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...
Linux Distros Unpatched Vulnerability : CVE-2026-20216
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device...
js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...
EUVD-2026-41081
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...
js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document
A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...
CVE-2026-13977
Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10142
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...
UBUNTU-CVE-2026-10142
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...
OPENSUSE-SU-2026:20934-1 Security update for xdg-dbus-proxy
This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...
CVE-2026-11853
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
PT-2026-48397
Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...
EulerOS Virtualization 2.13.0 : gdb (EulerOS-SA-2026-2164)
According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the componen...
CVE-2026-45676
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...