
15529 matches found

OSV
added 2026/04/17 1:51 p.m. | 2 views

JLSEC-2026-127

SDLttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTFRenderTextSolid. This vulnerability is triggered via a crafted TTF file...

CVSS 7.8 | AI score 5.9 | EPSS 0.00169
Exploits: 1 | References: 10

OSV
added 2026/04/17 12:49 p.m. | 5 views

CLSA-2026-1776430169 libarchive: Fix of CVE-2026-5745

CVE-2026-5745: fix NULL pointer dereference in ACL parsing in archiveaclfromtextw...

CVSS 5.5 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1

NVD
added 2026/04/17 2:16 a.m. | 1 views

CVE-2026-5162

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | EPSS 0.00014
Exploits: 0 | References: 5

EUVD
added 2026/04/17 1:24 a.m. | 1 views

EUVD-2026-23340

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 5

CVE
added 2026/04/17 1:24 a.m. | 8 views

CVE-2026-5162

The CVE-2026-5162 entry concerns the Royal Addons for Elementor plugin (WordPress). It describes a Stored Cross-Site Scripting vulnerability in the Instagram Feed widget, exploitable via the instagram_follow_text setting in all versions up to 1.7.1056 due to insufficient input sanitization and ou...

CVSS 6.4 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 5

CNNVD
added 2026/04/17 12:0 a.m. | 5 views

zrok security vulnerability

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of the text/template template engine without proper escaping of the refreshInterval parameter, which could lead to cross-sit...

CVSS 6.1 | AI score 5.6 | EPSS 0.00012
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/17 12:0 a.m. | 4 views

PT-2026-33504

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 23.0.0. Description: Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. An authenticated administrator can achieve remote code execution as the web server user by...

CVSS 9.4 | AI score 6.5 | EPSS 0.00166
Exploits: 3 | References: 14

CNNVD
added 2026/04/17 12:0 a.m. | 6 views

Anviz CrossChex Standard security vulnerability

Anviz CrossChex Standard is a centralized control software developed by Anviz Corporation in the United States, used for access control and attendance data management. Anviz CrossChex Standard has a security vulnerability. This vulnerability arises from the ability of attackers to manipulate the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 1

Fedora
added 2026/04/16 11:42 p.m. | 6 views

[SECURITY] Fedora 44 Update: spacebar-6.6.4-1.fc44

Spacebar is a telepathy-qt based SMS application that primarily targets Plasma Mobile...

AI score 5.8
Exploits: 0

Fedora
added 2026/04/16 11:42 p.m. | 2 views

[SECURITY] Fedora 44 Update: kf6-ktextwidgets-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 addon with advanced text editing widgets...

AI score 5.8
Exploits: 0

Fedora
added 2026/04/16 11:42 p.m. | 6 views

[SECURITY] Fedora 44 Update: kf6-kcoreaddons-6.25.0-1.fc44

KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...

AI score 5.8
Exploits: 0

vulnersOsv
added 2026/04/16 10:53 p.m. | 4 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +1341 more potentially affected by CVE-2026-41481 via langchain-text-splitters (>=0.0.1 <=1.1.1)

langchain-text-splitters PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =0.1.0, =0.1.0, =1.0.0rc1, =2.6.1 and more Source cves: CVE-2026-41481 Source advisory: OSV:GHSA-FV5P-P927-QMXR...

CVSS 6.5 | AI score 5.4 | EPSS 0.00042
Exploits: 0

Github Security Blog
added 2026/04/16 10:53 p.m. | 5 views

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Summary: HTMLHeaderTextSplitter.split_text_from_url validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled (the default). Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...

CVSS 6.5 | AI score 5.7 | EPSS 0.00042
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2026/04/16 10:53 p.m. | 2 views

agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) +23 more potentially affected by CVE-2026-41481 via langchain-text-splitters (>=1.0.0 <=1.1.1)

langchain-text-splitters PYPI version =1.0.0, =0.1.0, =0.1.0, =3.0.3, =0.1.0, =0.1.0, =0.4.0, =0.2.2, =0.8.0, =1.10.5, =0.6.1, =0.6.21 - obsidian-vault-rag =0.1.0 and more Source cves: CVE-2026-41481 Source advisory: SNYK:PYTHON-LANGCHAINTEXTSPLITTERS-16095053...

CVSS 6.5 | AI score 5.4 | EPSS 0.00042
Exploits: 0

Snyk
added 2026/04/16 10:53 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: langchain-text-splitters is a package of LangChain text splitting utilities. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the split_text_from_url function. An attacker can access internal network resources and potentially exfiltrate sensitive data by supplying...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2

OSV
added 2026/04/16 10:53 p.m. | 1 views

GHSA-FV5P-P927-QMXR LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Summary: HTMLHeaderTextSplitter.split_text_from_url validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled (the default). Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...

CVSS 6.5 | AI score 5.7 | EPSS 0.00042
Exploits: 0 | References: 4

OSV
added 2026/04/16 9:8 p.m. | 3 views

GHSA-9MRH-V2V3-XPFM sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements

Summary: Commit 49d0bb7 introduced a regression in sanitize-html that bypasses allowedTags enforcement for text inside nonTextTagsArray elements (textarea and option). Entity-encoded HTML inside these elements passes through the sanitizer as decoded, unescaped HTML, allowing injection of arbitrary...

CVSS 6.1 | AI score 6.1 | EPSS 0.00015
Exploits: 1 | References: 4

RedHat Linux
added 2026/04/16 12:56 p.m. | 1 views

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 6

OSV
added 2026/04/16 12:0 p.m. | 5 views

RLSA-2026:8052 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416); libpng: libpng: Information disclosure and denial of service via out-of-bound...

CVSS 8.8 | AI score 6.2 | EPSS 0.00071
Exploits: 1 | References: 6

RedHat Linux
added 2026/04/16 10:20 a.m. | 4 views

firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Layout: Text and Fonts component...

CVSS 9.8 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 6