234 matches found
[SECURITY] Fedora 43 Update: python-pendulum-3.2.0-1.fc43
Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class it inherits from it, so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is...
CVE-2026-0282
creationtimestamp| type| source ---|---|--- 2026-07-08 19:03:50+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mq5spheeb723 2026-07-09 04:46:18+00:00| seen| https://www.hkcert.org/security-bulletin/palo-alto-products-multiple-vulnerabilities20260709 2026-07-09 21:04:25+00:00| seen...
CVE-2026-53340
creationtimestamp| type| source ---|---|--- 2026-07-01 22:26:33+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmkrk2x5l2r...
CVE-2026-58011
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...
UBUNTU-CVE-2026-58011
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...
CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...
CVE-2026-58011
CVE-2026-58011 (GLib) : A flaw in GLib’s g_date_time_get_ymd (glib/gdatetime.c) allows an out-of-bounds read of 2 bytes when an invalid GDateTime object from g_date_time_add_full is processed. This can corrupt date output and potentially cause logic errors leading to a denial of service. Exploita...
CVE-2026-58011
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...
CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...
CVE-2026-10736
creationtimestamp| type| source ---|---|--- 2026-06-18 08:15:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mokf5nzsdj2z 2026-06-19 02:33:25+00:00| seen| https://bsky.app/profile/pmloik.bsky.social/post/3momciyt73y2g...
CVE-2026-44241
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...
CVE-2026-44375
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
EUVD-2026-34055
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-44375
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
CVE-2026-44241 Micronaut Framework: Unbounded formattersCache in TimeConverterRegistrar Allows Memory Exhaustion via Accept-Language Header
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, 3.10.6, and 3.8.14, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the...
CVE-2026-40136
creationtimestamp| type| source ---|---|--- 2026-05-12 04:57:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlmyt54c6l2p 2026-05-12 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h 2026-05-12 14:25:07+00:00| seen|...
CVE-2026-42571
creationtimestamp| type| source ---|---|--- 2026-05-09 21:49:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlh7zev7at2t 2026-05-10 00:00:43+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlhhd4dhnd2p 2026-05-10 00:01:03+00:00| seen|...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-016813)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016813 advisory. A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the gdatetimenewfromiso8601 function...
Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header
Summary TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation pattern concatenated with the locale from the HTTP Accept-Language header. Because Locale.forLanguageTag accepts arbitrary BCP 47 private-use...