80 matches found
[SECURITY] Fedora 44 Update: podofo-1.0.4-1.fc44
PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...
GHSA-X6G4-FWCC-JJ8W Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
Description: symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...
CVE-2026-42506
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
Astra Linux - vulnerability in libxml2
A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...
pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches: This has been fixed in pypdf==6.7.4. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 36...
EUVD-2025-206379
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData...
EUVD-2017-17681
Malware in sbrugna...
EUVD-2020-11951
Malware in sbrugna...
EUVD-2018-20025
Malware in sbrugna...
EUVD-2020-25483
Malware in sbrugna...
EUVD-2019-1374
Malware in sbrugna...
EUVD-2017-17670
Malware in sbrugna...
EUVD-2024-2189
Malicious code in bioql PyPI...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
CVE-2020-1059
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'...
CVE-2019-0608
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Scrapy vulnerabilities (USN-7476-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7476-1 advisory. It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during...
AZL-60550 CVE-2025-22872 affecting package prometheus-adapter for versions less than 0.12.0-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60601 CVE-2025-22872 affecting package sriov-network-device-plugin for versions less than 3.6.2-9
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60573 CVE-2025-22872 affecting package kube-vip-cloud-provider for versions less than 0.0.10-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...