NPM: next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

NPM: next-intl has prototype pollution with experimental.messages.precompile via attacker-controlled translation catalog keys vulnerability discovered by ? in WordPress Npm next-intl versions = 4.9.1...

GHSA-4C35-WCG5-MM9H next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

Summary setNestedProperty in packages/next-intl/src/extractor/utils.tsx walks a dotted key path and assigns the final value without blocking the reserved keys proto, constructor, or prototype. When the next-intl Next.js plugin is configured with experimental.messages and messages.precompile: true...

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution in the setNestedProperty function when processing translation catalog keys containing reserved properties such as proto, constructor, o...

Astra Linux - уязвимость в libxml2

A flaw was discovered in the libxml2 library. This vulnerability arises from uncontrolled resource consumption when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this vulnerability by providing malicious catalogs,...

CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

Security Bulletin: Vulnerability in libxml2 (CVE-2025-8732) affects AIX/VIOS

Summary Updated Mar 13 2026: Added iFix information for VIOS 3.1. Vulnerability in libxml2 could cause an uncontrolled recursion CVE-2025-8732. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2025-8732 DESCRIPTION: A vulnerability was found in libxml2 up to...

EulerOS 2.0 SP13 : libxml2 (EulerOS-SA-2026-1288)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain...

SUSE SLES16 Security Update : libxml2, libxslt (SUSE-SU-2026:20631-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20631-1 advisory. Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in...

SUSE-SU-2026:20647-1 Security update for libxml2, libxslt

This update for libxml2, libxslt fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...

SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2026:0605-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0605-1 advisory. - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in...

A High-Throughput AES-GCM Implementation on GPUs for Secure, Policy-Based Access to Massive Astronomical Catalogs

The era of large astronomical surveys generates massive image catalogs requiring efficient and secure access, particularly during pre-publication periods where data confidentiality and integrity are paramount. While Findable, Accessible, Interoperable, and Reusable FAIR principles guide the...

AIX (IJ57291)

The version of AIX installed on the remote host is prior to APAR IJ57291. It is, therefore, affected by a vulnerability as referenced in the IJ57291 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...

AIX (IJ57276)

The version of AIX installed on the remote host is prior to APAR IJ57276. It is, therefore, affected by a vulnerability as referenced in the IJ57276 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...

Vulnerability in libxml2 (CVE-2025-8732) affects AIX

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:44:14 CST 2026 |Updated: Fri Mar 13 13:55:04 CDT 2026 |Update: Added iFix information for VIOS 3.1. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory10.asc Security Bulleti...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

PT-2026-20300

Name of the Vulnerable Software and Affected Versions OpenS100 versions prior to commit 753cf29 Description The software contains a remote code execution issue due to an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL openlibs without sandboxing or capability...

Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3144 (ALAS-2026-3144)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3144 advisory. A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the...

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1396)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1396 advisory. A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry...

Medium: libxml2

Issue Overview: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issu...