libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.1 had security vulnerabilities, which stemmed from the computational complexity of attribute name conflict checks. These vulnerabilities could potentially lead to denial-of-service...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

CLSA-2026-1776952176 ruby: Fix of 4 CVEs

CVE-2024-39908: fix ReDoS in REXML parser for repeated / character reference payloads - CVE-2024-41123: fix ReDoS in REXML source.match when no terminator string is specified - CVE-2024-41946: add XML entity expansion limit to REXML SAX and pull parsers - CVE-2024-43398: fix DoS via deep elements...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from insufficient scope in the Zalo webhook replay de-duplication key, allowing legitimate events from...

PT-2026-34408

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A conflict check failure occurs when binding a udp sock to a local address and port. The system utilizes two hashes, udptable-hash and udptable-hash2, for collision detection. When the...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a logical error in the UDP wildcard binding conflict check when using hash2. This error may lead to...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a split logic error. When non-UTF-8-prefixed or -suffixed inputs are provided, the output file name may be corrupted, potentially causing fil...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.2

Red Hat OpenShift Service Mesh 3.3.2 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....

mercure 安全漏洞

Mercure is a real-time data delivery protocol and server implementation developed by Kévin Dunglas as an individual project. Versions of Mercure prior to 0.22.0 contained security vulnerabilities. These vulnerabilities were caused by conflicts in cache keys within the TopicSelectorStore, which...

fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the incorrect creation of unique keys using the custom cacheKeyBuilder method, which could lead to cache conflicts and...

UBUNTU-CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

Linux Distros Unpatched Vulnerability : CVE-2026-23356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drbd: fix LOGIC BUG in drbdalbeginiononblock Even though we check that we should be able to do lcgetcumulative while holding the device-allock spinlock, it may...

OpenClaw Authorization Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to attack inherited elevated tool privileges via identifier conflict...

CVE-2026-32878

Parse Server is vulnerable to prototype pollution in its deep copy path prior to versions 9.6.0-alpha.20 and 8.6.44. An attacker can bypass the default denylist and class-level field-adding permissions by crafting a request, allowing injection of fields into locked schemas and causing permanent s...

CVE-2026-32878 Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

CVE-2026-32878 Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

CVE-2026-32878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.20 and 8.6.44 contain security vulnerabilities. These vulnerabilities stem from a prototype pollution issue in the deep...