156 matches found
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the batman-adv module’s ability to encounter deallocated declarations while traversing the declaration...
CVE-2026-6340 Memory Exhaustion via Malicious 7zip File Upload
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
GHSA-4V8G-86X5-3VRC Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CLSA-2026-1776861173 python3: Fix of CVE-2022-48565
CVE-2022-48565: plistlib: reject XML entity declarations in plist files to prevent XXE attacks...
CVE-2026-33943
A flaw was found in Happy DOM, a JavaScript implementation of a web browser. This vulnerability allows a remote attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions. The ECMAScriptModuleCompiler component fails to properly sanitize content within export...
CVE-2026-33943
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
Arbitrary Code Injection
Overview happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection in the ECMAScript module compilation proces...
SUSE-SU-2026:1066-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. - CVE-2026-27820: insufficient checks in zstreambufferungets can lead...
OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub
Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-005361)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005361 advisory. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to...
CLSA-2026-1768814484 ruby: Fix of CVE-2025-58767
CVE-2025-58767: fixed REXML to reject duplicate XML declarations and validate declaration attributes to protect from DoS...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
ROS-20251111-05
The vulnerability in the Ruby REXML XML toolkit is related to the fact that the application does not properly control the internal resource consumption when analyzing malformed XML code containing multiple XML declarations. Exploitation of the vulnerability could allow an attacker to cause a deni...
Denial Of Service (DoS)
rexml is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of multiple XML declarations during parsing, which allows an attacker to craft malicious XML input that exhausts system resources and causes the application to become unresponsive...
EUVD-2009-2410
Malware in sbrugna...