Cross-site Scripting (XSS)

Overview @haxtheweb/video-player is an Automated conversion of video-player/ Affected versions of this package are vulnerable to Cross-site Scripting XSS via the video-player component's source and source-data attributes. An attacker can execute arbitrary JavaScript in the victim's browser and...

CLSA-2026-1779184141 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

CLSA-2026-1779183996 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

CLSA-2026-1779183767 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

CLSA-2026-1779183482 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: denial of service via On^2 attribute name collision check with moderately sized crafted XML input - debian/patches/CVE-2026-45186.patch: replace linear scan in defineAttribute with O1 hash table lookup using new ELEMENTTYPE.defaultAttsNames field in expat/lib/xmlparse.c -...

CVE-2026-31906

CVE-2026-31906 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is an improper neutralization of input during web page generation, i.e., Cross-Site Scripting (XSS). Some sources describe it as a reflected XSS due to improper HTML attribute escaping in layered-modal dialog par...

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-31378

The CVE relates to an Improper Input Validation vulnerability in Apache OFBiz . Affected software is Apache OFBiz versions before 24.09.06 . The issue’s root cause is input validation weaknesses, allowing potential impact as described in the linked records. The recommended remediation is to upgra...

Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:19361 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

ALSA-2026:19368 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

RHEL 10 : rsync (RHSA-2026:19152)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19152 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync onl...

MAL-2026-3852 Malicious code in @antv/attr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

ALSA-2026:19148 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

CLSA-2026-1779130424 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

CLSA-2026-1779129362 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

CLSA-2026-1779129222 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

CLSA-2026-1779122132 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic runtime behavior in attribute collision detection...

SUSE CVE-2026-6575

Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...