4072 matches found
cpython: Incomplete control character validation in http.cookies
A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
Important: Red Hat Security Advisory: python3.14 security update
An update for python3.14 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 10 : python3.12 (RHSA-2026:19064)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
GHSA-5R97-79VW-QVM4
creationtimestamp| type| source ---|---|--- 2026-05-18 16:10:50+00:00| seen| https://gist.github.com/alon710/437f2e5c2f0622a4f1f7e66c52bc342f...
CVE-2021-47969 Color Notes 1.4 Denial of Service via Long Character String
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...
Gnutls: gnutls: authentication bypass via nul character in username
...
CVE-2026-8202
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...
CVE-2026-8202
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...
UBUNTU-CVE-2026-8202
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...
SUSE CVE-2026-7258
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
Unity Linux 20.1060e / 20.1070e Security Update: xterm (UTSA-2026-017637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017637 advisory. xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service segmentation fault via a crafted UTF-8 combining character...
Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017600)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017600 advisory. libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the...
SUSE CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
[slackware-security] php
New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php82/php82-8.2.31-i586-1slack15.0.txz: Upgraded. This update fixes security issues: FPM: Fixed XSS within status endpoint. MBString: Fixed Null...
EUVD-2026-28427
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
UBUNTU-CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...