CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

i18nextify 跨站脚本漏洞

i18nextify is an open-source Java library application developed by i18next. Versions prior to i18nextify 4.0.8 contained a cross-site scripting vulnerability. This vulnerability stemmed from the key interpolation token in the src and href attribute values, which did not validate the URL scheme...

www/gohugo -- CWE-79: XSS vulnerabilities

https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to...

CVE-2026-43187

A flaw was found in the Linux kernel's XFS filesystem. Incorrect handling of freemap entries when deleting attribute leaf freemap entries can lead to a situation where zero-length freemap entries with a non-zero base are left behind. Subsequent setxattr operations can cause these entries to overl...

CVE-2026-6255

The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owlswrapper' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Cross-site Scripting (XSS)

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS via the decodeAllEntities function. An attacker can execute arbitrary JavaScript in the context of the application origin by...

CVE-2026-43153

A flaw was found in the Linux kernel's XFS filesystem. The xfsattrleafhasname function has a problematic calling convention that can lead to incorrect buffer handling. This issue can result in the use of already released memory buffers, potentially causing memory corruption or system instability....

CVE-2025-71289

A flaw was found in the Linux kernel's NTFS3 file system driver. When a file is truncated, and an error occurs during the process of setting the attribute size, the system silently ignores this error. This oversight can lead to the file's inode, which stores critical file system metadata, being...

CVE-2026-43107

A flaw was found in the Linux kernel's xfrm subsystem. A remote attacker could send a specially crafted netlink message that, due to an incorrect size calculation when handling XFRMAIFID attributes, would lead to a buffer overflow. This issue could cause a kernel panic, resulting in a Denial of...

BIT-JAVA-2025-7425 Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

EUVD-2026-27746

In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 "xfs: fix attr leaf header freemap.size underflow", Brian Foster observed that it's possible for a small freemap at the end of the end of the xattr...

EUVD-2026-27712

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a valid buffer when xfsattr3leaflookupint returns -ENOATTR or -EEXIST, and ...

EUVD-2025-209678

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

EUVD-2026-27624

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

CVE-2026-43168

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...

CVE-2026-43153

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a valid buffer when xfsattr3leaflookupint returns -ENOATTR or -EEXIST, and ...

RLSA-2026:13641 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python-tornado security update

An update is available for python-tornado. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

CVE-2025-71289

Summary: CVE-2025-71289 affects the Linux kernel NTFS3 driver. The issue occurs when truncating files: if attr_set_size() fails, the error is silently ignored and the inode may be left in an inconsistent state, potentially impacting data integrity. The NVD entry lists a local, low-complexity atta...

CVE-2026-43187

Summary: CVE-2026-43187 affects the Linux kernel XFS freemap handling in xattr leaf entries. The root cause is a bug in the freemap update logic in _leaf_add that can leave behind zero‑length freemap entries with a nonzero base, and later entries could be updated incorrectly so freemap entries ov...