PT-2026-40293

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

CLSA-2025-1753963973 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

CLSA-2025-1753953101 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

SUSE CVE-2016-4003

Cross-site scripting XSS vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

OESA-2021-1388 aspell security update

GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...

oniguruma: Use-after-free in onig_new_deluxe() in regext.c

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

Cross-site Scripting (XSS)

php is vulnerable to cross-site scripting XSS. The vulnerability exists as a numeric truncation error and an input validation flaw were found in the way the PHP utf8decode function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escape...

CVE-2019-13224

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

Updated oniguruma packages fix security vulnerabilities

Updated oniguruma packages fix security vulnerabilities: A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...

Amazon Linux AMI : oniguruma (ALAS-2019-1295)

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2019-2086)

According to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of...

Amazon Linux 2 : oniguruma (ALAS-2019-1288)

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

Debian: Security Advisory (DLA-1854-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1854-1] libonig security update

Package : libonig Version : 5.9.5-3.2+deb8u2 CVE ID : CVE-2019-13224 Debian Bug : 931878 A use-after-free in onignewdeluxe in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacke...

CVE-2019-13224

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

DEBIAN-CVE-2019-13224

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

Design/Logic Flaw

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVE-2019-13224

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...