22 matches found
CVE-2026-26278 fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
Linux Distros Unpatched Vulnerability : CVE-2026-26278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004428)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004428 advisory. In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka...
CVE-2025-53627
creationtimestamp | type | source
---|---|---
2025-12-29 18:48:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mb5irhmoa32u...
CLSA-2025-1751042683 Update of tzdata
Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - System V...
CLSA-2025-1750953703 Update of tzdata
Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - System V...
WordPress plugin Tour Master SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress Tour Master plugin <= 5.3.6 - Authenticated (Subscriber+) SQL Injection via review_id Parameter vulnerability
Authenticated (Subscriber+) SQL Injection via review_id Parameter vulnerability discovered by Aiden Thái An in WordPress Plugin Tourmaster versions <= 5.3.6...
CVE-2023-47150
IBM Common Cryptographic Architecture CCA 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602...
CVE-2023-28767
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50W series firmware versions 5.10 through 5.36, USG20W-VPN series firmware versions 5.10 through 5.36, and VP...
SUSE CVE-2011-1148
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...
SUSE CVE-2011-1466
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function...
SUSE CVE-2011-1467
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409...
SUSE CVE-2019-19076
A memory leak in the nfp_abm_u32_knode_replace function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit...
CVE-2020-4381
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162...
DEBIAN-CVE-2019-17666
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow...
PT-2019-4470 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.6 Description: The issue is related to a use-after-free bug in the Linux kernel, specifically in the drivers/net/ieee802154/atusb.c driver. This bug can be triggered by a malicious USB device, potentially...
Squiz Matrix Matrix WYSIWYG plugin cross-site scripting vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia. Matrix WYSIWYG plugin is a WYSIWYG editor plugin used in it. A cross-site scripting vulnerability exists in the Matrix WYSIWYG plugin in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remo...