
39 matches found

Snyk · added 2026/04/06 6:3 p.m. · 2 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: vite-plus is "The Unified Toolchain for the Web". Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

CVSS 8.2 · AI score 5.7 · EPSS 0.05147
Exploits 1 · References 2
OSV · added 2026/03/23 4:34 p.m. · 3 views

CLSA-2026-1774283672 Fix CVE(s): CVE-2026-25965

SECURITY UPDATE: local file disclosure through path traversal bypass of path security policy - debian/patches/CVE-2026-25965.patch: Resolve and canonicalize file paths before policy pattern matching; prevent path traversal by fixing policy checks that matched unnormalized paths including symlinks...

CVSS 8.6 · AI score 7.3 · EPSS 0.00018
Exploits 0 · References 1
Snyk · added 2026/03/03 10:11 p.m. · 0 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: openclaw is "🦞 OpenClaw — Personal AI Assistant". Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the boundary validation process for @-prefixed absolute paths when tools.fs.workspaceOnly is set to true. An attacker can access...

CVSS 7.5 · AI score 5.8 · EPSS 0.00071
Exploits 0 · References 3
GitHub Security Blog · added 2026/03/03 7:18 p.m. · 5 views

OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Summary: In [email protected], approval-bound system.run on node hosts could be influenced by mutable symlink cwd targets between approval and execution. Details: Approval matching on the gateway validated command/argv and binding fields, including cwd, as provided text. Node execution later used...

CVSS 7 · AI score 6.1 · EPSS 0.0001
Exploits 0 · References 5 · Affected software 1
Snyk · added 2026/02/24 8:39 p.m. · 1 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended execution of files by crafting URLs with specific Unicode characters that manipulate the path splitting logic, potentiall...

CVSS 9.8 · AI score 6.1 · EPSS 0.00245
Exploits 1 · References 2
Snyk · added 2026/02/12 3:29 p.m. · 5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...

CVSS 9.8 · AI score 6 · EPSS 0.00029
Exploits 1 · References 2
OSV · added 2026/02/02 9:5 p.m. · 2 views

GO-2026-4354 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message in github.com/sigstore/rekor

Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message in github.com/sigstore/rekor...

CVSS 5.3 · AI score 5.2 · EPSS 0.00019
Exploits 0 · References 4
Snyk · added 2026/01/26 11:29 p.m. · 1 views

HTTP Response Splitting

Overview: gakido is a high-performance CPython HTTP client with browser impersonation. Affected versions of this package are vulnerable to HTTP Response Splitting via improper sanitization of user-supplied header values and names in the canonicalizeheaders function. An attacker can inject arbitrar...

CVSS 6.9 · AI score 6 · EPSS 0.00021
Exploits 1 · References 3
Snyk · added 2026/01/22 9:26 p.m. · 2 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the Canonicalize function when spec.message is empty. An attacker can cause a denial of service by sending malformed proposed entries of cose/v0.0.1 or dsse/v0.0.1 types that trigger a panic on a thread...

CVSS 6.9 · AI score 5.5 · EPSS 0.00019
Exploits 0 · References 2
OSV · added 2026/01/22 6:41 p.m. · 3 views

GHSA-273P-M2CW-6833 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary: Rekor's cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

CVSS 5.3 · AI score 5.6 · EPSS 0.00019
Exploits 0 · References 5
Tenable Nessus · added 2026/01/16 12:0 a.m. · 3 views

MiracleLinux 7 : glibc-2.17-260.el7 (AXSA:2019-3623:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3623:01 advisory. glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997). glibc: Integer overfl...

CVSS 9.8 · AI score 7.9 · EPSS 0.01133
Exploits 3 · References 5
EUVD · added 2025/10/07 12:30 a.m. · 4 views

EUVD-2004-2355

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00646
Exploits 1 · References 5
OSV · added 2024/01/11 12:4 a.m. · 5 views

OSV-2024-9 Stack-buffer-overflow in _canonicalize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65635 Crash type: Stack-buffer-overflow READ. Crash state: canonicalize ulocimpgetBaseName75 uresopenWithType...

AI score 7.2
Exploits 0 · References 1
Positive Technologies · added 2024/01/11 12:0 a.m. · 2 views

PT-2024-40872 · Git +1 · Icu

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash state involves several functions, including canonicalize, ulocimp getBaseName 75, a...

AI score 6.8
Exploits 0 · References 2
OSV · added 2023/10/30 6:15 p.m. · 1 views

CVE-2023-40101

In collapse of canonicalizemd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 5.9
Exploits 0 · References 1
SUSE CVE · added 2023/02/15 5:20 a.m. · 1 views

SUSE CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...

CVSS 10 · AI score 9.4 · EPSS 0.02666
Exploits 0 · References 10
SUSE CVE · added 2023/02/15 5:1 a.m. · 0 views

SUSE CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

CVSS 8.8 · AI score 7.9 · EPSS 0.0115
Exploits 1 · References 9
RedHat Linux · added 2022/11/15 1:35 p.m. · 2 views

lxml: NULL Pointer Dereference in lxml

A NULL pointer dereference vulnerability was found in lxml, caused by the iterwalk function, which is also used by the canonicalize function. This flaw can lead to a crash when incorrect parser input occurs together with usages...

CVSS 7.5 · AI score 7.1 · EPSS 0.01251
Exploits 1 · References 4
RedhatCVE · added 2022/07/15 1:4 p.m. · 38 views

CVE-2022-2309

A NULL pointer dereference vulnerability was found in lxml, caused by the iterwalk function, which is also used by the canonicalize function. This flaw can lead to a crash when incorrect parser input occurs together with usages...

CVSS 7.5 · AI score 2.2 · EPSS 0.01251
Exploits 1 · References 3