11152 matches found
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from improper HTML encoding during the rendering of page names and content in the search block, which could le...
Improper Encoding or Escaping of Output
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the script generation process in Windows deployments due to improper handling of command-line arguments in gateway.cmd. An attacker can execute...
USN-8062-2: curl vulnerabilities
USN-8062-1 fixed vulnerabilities in curl. This update provides the corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224 for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that curl incorrectly handled...
OPENSUSE-SU-2026:20306-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...
SUSE-SU-2026:20627-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...
SUSE-SU-2026:20642-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...
Security update for postgresql17
This update for postgresql17 fixes the following issue: Update to version 17.9 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standby...
SUSE-SU-2026:0787-1 Security update for postgresql17
This update for postgresql17 fixes the following issue: Update to version 17.9 bsc1258754. Regression fixes: - the substring function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. - a...
Security update for postgresql16
This update for postgresql16 fixes the following issue: Update to version 16.13 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standb...
SUSE-SU-2026:0784-1 Security update for postgresql16
This update for postgresql16 fixes the following issue: Update to version 16.13 bsc1258754. Regression fixes: - the substring function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. - a...
SUSE-SU-2026:0771-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Update to version 15.17 bsc1258754. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Update to version 15.17 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...
Security update for postgresql18
This update for postgresql18 fixes the following issue: Update to version 18.3 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standby...
gdk-pixbuf Vulnerable to Heap Buffer Overflow via Malicious JPEG Images in 'gdk_pixbuf__jpeg_image_load_increment' Function
gdk-pixbuf is vulnerable to heap buffer overflow due to improper bounds handling in the gdkpixbufjpegimageloadincrement function and gbase64encodestep in glib. This could allow an attacker to trigger a denial-of-service or potentially cause the corruption of memory by processing maliciously craft...
CLSA-2026-1772444161 python2: Fix of 2 CVEs
CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...
CVE-2026-28560
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using jsonencode without the JSONHEXTAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break o...
CVE-2026-28560
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using jsonencode without the JSONHEXTAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break o...
CVE-2026-28560 wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using jsonencode without the JSONHEXTAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break o...
CVE-2026-28560 wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using jsonencode without the JSONHEXTAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break o...
CVE-2026-28560
wpForo Forum 2.4.14 contains a stored XSS vulnerability: forum URL data output into an inline script block via json_encode without JSON_HEX_TAG. An attacker can supply a forum slug containing a closing tag or unescaped single quote to break out of the JavaScript string context and execute arbitr...