Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the Perl community. Versions of Perl 5.43.10 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow vulnerability that occurs when compiling regular expressions...

EUVD-2026-31772

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

Security Bulletin: A runtime-7.23.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in runtime-7.23.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...

CVE-2026-33079

A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service ReDoS, exists in the LINKTITLERE regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to...

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

UBUNTU-CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVE-2026-48700

PCManFM-Qt (all versions starting from 1.1.0) is affected by an issue where passing a regular file’s path as a URI in the org.freedesktop.FileManager1.ShowFolders D-Bus call causes PCManFM-Qt to launch another program based on the file type without user confirmation. This could enable code execut...

CLSA-2026-1779467653 libssh: Fix of 4 CVEs

CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...

CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Parser::cleanup function. Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The origina...

Incorrect Regular Expression

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'...

Incorrect Regular Expression

Overview Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'. An attacker can bypass security redirect restrictions by suppling a URL that passes any but...

Regular Expression Denial of Service (ReDoS)

Overview symfony/json-path is an Eases JSON navigation using the JSONPath syntax as described in RFC 9535 Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the match and search filter functions in the JsonPath component. An attacker can cause denia...

Astra Linux - уязвимость в node-minimatch

A vulnerability was discovered in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when the braceExpand function is called with specific arguments, resulting in a denial of service...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for file systems will collapse the THP for files that are opened in read-only mode and mapped with VMEXEC. The intended use case is to avoid TLB misses f...