154 matches found
CVE-2026-57435
A flaw was found in Nokogiri, an XML and HTML library for Ruby. This use-after-free vulnerability occurs when replacing the value of an XML attribute. If a Ruby wrapper already points to the attribute's child node, the underlying native child node can be freed while the wrapper remains accessible...
CVE-2026-57435 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...
CVE-2026-57435
Nokogiri (Ruby XML/HTML library) had a use-after-free in the CRuby native extension when replacing the value of an XML attribute. If an attribute child node was already accessed, Nokogiri::XML::Attr#value= could free the underlying native child node while a wrapper remained in the document cache,...
CVE-2026-53245 net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr
In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...
GHSA-PHWJ-RPRQ-35PP Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
Summary Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attrvalue= could free the underlying native child node while the wrapper remained...
CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...
PT-2026-42587
Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...
fast-xml-builder 安全漏洞
fast-xml-builder is an open-source building tool developed by Natural Intelligence that converts JSON data into XML format. Versions of fast-xml-builder prior to 1.1.7 contained security vulnerabilities. These vulnerabilities occurred when input data contained quotes in attribute values, and enti...
CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
DEBIAN-CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
CVE-2026-33317 OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
OP-TEE Trusted OS 缓冲区错误漏洞
OP-TEE Trusted OS is an implementation of the OP-TEE open-source project, which creates an open-source Trusted Execution Environment TEE that utilizes Arm TrustZone technology. In versions 3.13.0 to 4.10.0 of OP-TEE Trusted OS, there is a buffer error vulnerability. This vulnerability stems from ...
Debian dla-4512 : charon-cmd - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4512 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4512-1 [email protected] https://www.debian.org/lts/security/...