Linux Distros Unpatched Vulnerability : CVE-2026-42006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this,...

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

Open-Xchange OX Dovecot Pro 资源管理错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability, which stems from excessive use of curly braces in IMAP, leading to uncontrolled memory usage. This can result in...

Exploit for Basic XSS in Espocrm

CVE-2026-33657 - EspoCRM 9.3.3 Stored HTML Injection in Email...

Oracle Linux 9 : nodejs:22 (ELSA-2026-7302)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7302 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-152...

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty,Spring Cloud Netflix Zuul,Spring Framework,Spring Security,NPM package,glob-parent package,jQuery,Braces, go-redis,qs,LZ4,js-yaml might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul , Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4 and js-yaml. Vulnerabilities include , bypassing the...

nodejs:22 security update

nodejs 1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-152...

Oracle Linux 10 : nodejs22 (ELSA-2026-7080)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7080 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Tenable has extracted the preceding...

Security Bulletin: IBM Rational Developer for i is affected by a memory exhaustion loop (CVE-2024-4068)

Summary A package included in the Code Coverage functionality of IBM Rational Developer for i is vulnerable to malicious input causing a crash of the program due to memory exhaustion loop as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The...

Security Bulletin: A vulnerabilities in NPM package `braces` affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerabilities in NPM package braces affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.8 and 5.0 and earlier. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could...

ROOT-APP-NPM-CVE-2024-4068 CVE-2024-4068 in @rootio/braces - Patched by Root

Root has patched CVE-2024-4068 in the @rootio/braces package for Root:npm. Multiple fixed versions available...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991153)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991153 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

expat: Stack exhaustion in doctype parsing

A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988980)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988980 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

EUVD-2024-1632

Malicious code in bioql PyPI...

EUVD-2022-0569

Malicious code in bioql PyPI...

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

...

SUSE CVE-2024-58266

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

AZL-66017 CVE-2024-58266 affecting package rust 1.72.0-14

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...