CLSA-2026-1777464764 libxml2: Fix of 2 CVEs

CVE-2018-14404: fix NULL pointer dereference in xmlXPathCompOpEval when AND/OR operator operates on an empty XPath stack - CVE-2019-19956: fix memory leak in xmlParseBalancedChunkMemoryRecover when parsing NULL doc...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:1650-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1650-1 advisory. This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: -...

EUVD-2026-26723

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

CVE-2026-7599

A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function savedocument/exporttotext/exporttohtml of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputpath results in path traversal. Remote exploitation of the...

CGA-3C8Q-47HW-VRJ3

Bulletin has no description...

ECHO-6096-8E00-66F4

Bulletin has no description...

ECHO-586E-C143-D1AA

Bulletin has no description...

JLSEC-2026-382

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

CVE-2026-23863

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...

ECHO-B507-5D7A-0C6F

Bulletin has no description...

PDFGenerator

No d...

HWPX MCP Server 路径遍历漏洞

HWPX MCP Server is an enhanced version of the HWPX document editing MCP server by Kim dayoun individual developer. A path traversal vulnerability exists in HWPX MCP Server version 0.2.0, which stems from an improper operation of the savedocument/exporttotext/exporttohtml functions of the...

PT-2026-36551

Name of the Vulnerable Software and Affected Versions Dayoooun hwpx-mcp version 0.2.0 Description A path traversal issue exists in the MCP Interface component within the file mcp-server/src/index.ts. Manipulation of the output path argument in the functions save document, export to text, and expo...

CGA-J355-QMHF-HF4H

Bulletin has no description...

MINI-3RVM-V6J7-4GG8

Bulletin has no description...

MINI-8558-8PVV-9FPM

Bulletin has no description...

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...