PT-2026-38056

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

AlmaLinux 9 : python-tornado (ALSA-2026:13670)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:13670 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handlin...

RockyLinux 9 : python-tornado (RLSA-2026:13670)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13670 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handli...

GHSA-R7FX-8G49-7HHR Grav CMS vulnerable to stored XSS via Markdown media attribute() action

Summary An authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters being converted into callable media actions. The...

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the attribute process. An attacker can execute arbitrary JavaScript in the context of users who view a page by...

CLSA-2026-1777944214 libcap: Fix of CVE-2026-4878

CVE-2026-4878: fix TOCTOU race in capsetfile by performing xattr writes via an ONOFOLLOW file descriptor instead of the user-supplied path...

GHSA-P3W2-64XM-833J GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)

Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the Update function. An attacker can cause the process to crash and disrupt service availability by sending a specially crafted BGP UPDATE message with inconsistent attribute lengths that leads to improper...

EUVD-2026-27359

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

EUVD-2026-27349

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...

CVE-2026-43063

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

CVE-2026-43063 xfs: don't irele after failing to iget in xfs_attri_recover_work

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

EUVD-2026-27181

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

EUVD-2026-27191

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

EUVD-2026-27183

The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. Th...