GHSA-5WM8-GMM8-39J9 fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes

Summary When an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. Detail Malicious Input a: "@attr": '" onClick="alert1' Output x...

fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes

Summary When an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. Detail Malicious Input a: "@attr": '" onClick="alert1' Output x...

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection despite the recently introduced neutralizeArraySpeciesBatch helper in lib/bridge.js. An attacker can execute...

EUVD-2026-28723

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork/CLONEVM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mmgetcid when scheduling in. It turned out that the logic which handles vfork'ed tasks is broken. It is invoked when th...

EUVD-2026-28676

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

EUVD-2026-28574

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

CVE-2026-43406

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in processmessageheader If the message frame is maliciously corrupted in a way that the length of the control segment ends up being less than the size of the message header or a...

DEBIAN-CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

UBUNTU-CVE-2026-43394

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnllistenersetdoit. nfsdnllistenersetdoit uses getcurrentcred without putcred. As we can see from other callers, svcxprtcreatefromsa does not require the extra refcount. nfsdnllistenersetdoit is alwa...

CVE-2026-43370

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

UBUNTU-CVE-2026-43433

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

UBUNTU-CVE-2026-43370

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

CVE-2026-43470

In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3proccreate if dalias is a dir If we found an alias through nfs3docreate/nfsaddorobtain /dsplicealias which happens to be a dir dentry, we don't return any error, and simply forget about this alias, but t...

CVE-2026-43406

CVE-2026-43406 affects the Linux kernel libceph component. The issue is in process_message_header() where, if a message frame is corrupted or misrepresented, an out-of-bounds read may occur due to a missing explicit bounds check before decoding the header. The vulnerability can enable remote expl...

CVE-2026-43406

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in processmessageheader If the message frame is maliciously corrupted in a way that the length of the control segment ends up being less than the size of the message header or a...

CVE-2026-43370

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

UBUNTU-CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...