GHSA-65XW-VW82-R86X XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

CVE-2026-23399

A flaw was found in the Linux kernel's nftables component. This memory leak vulnerability occurs when cloning a stateful expression fails, leading to an unreleased expression. This can result in a Denial of Service DoS due to resource exhaustion...

SUSE CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released...

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

EUVD-2026-16909

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

UBUNTU-CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

CVE-2026-23399

CVE-2026-23399 concerns the Linux kernel nf_tables code: when cloning the second stateful expression in a dynset element, the first expression could remain unfreed on error, causing a stateful memleak in error paths. The provided CVE description confirms a resolution in the kernel, with backtrace...

CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released....

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a memory leak that can occur in the nftdynset error path, involving state expression memory leaks...

Information Exposure

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Information Exposure via the jq and jqraw include filter expressions, which allow access to the env builtin. An attacker can obtain sensitive environment variables ...

CVE-2026-33994

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

GHSA-27V5-C462-WPQ7 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVE-2026-33994

Locutus (npm) in parse_str.js is affected by a prototype-pollution vulnerability in versions 2.0.39 through 3.0.24, due to an incomplete fix for CVE-2026-25521. The attack can pollute Object.prototype by overriding RegExp.prototype.test and supplying a crafted query string, bypassing the guard th...

CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

CVE-2026-33994

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...