2108 matches found
PT-2026-42631
Description Several filters in the twig/ extras packages are registered with is safe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
CVE-2026-33741
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings. Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to...
BIT-PYTHON-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...
BIT-PYTHON-MIN-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a race condition between ext4write and ext4convertinlinedata Hulk Robot reported a BUG: ================================================================== EXT4-fs error device loop3: ext4mbgeneratebuddy:805: group 0,...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: udf: Do not update the file length when a write to an inline file fails. When a write to an inline file fails or fails partially, we still update the length of the inline data as if the entire write was successful. This issue is...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Additional debug information will be output if an inline backref cannot be found. BREAK Syzbot reported several warnings that were triggered within lookupinlineextentbackref. CAUSE As usual, the reproducer does not reliabl...
Astra Linux - уязвимость в linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: A sanity check was added for the F2FSInlineDATA flag in the inode during garbage collection GC. The syzbot reports the following f2fs bug: ------------ Cut here ------------ Kernel BUG: At fs/f2fs/inline.c:258; CPU: 1; PID:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Error checking was added to ext4extreplaysetiblocks. If the call to ext4mapblocks fails due to a corrupted file system, ext4extreplaysetiblocks may get stuck in an infinite loop. This issue can be reproduced by running...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a use-after-free issue in ext4findextent when using bigalloc with inline data. Syzbot identified the following issue: loop0: A change in capacity was detected, from 0 to 2048. EXT4-fs loop0: The filesystem...
Astra Linux - уязвимость в emacs
In Emacs versions before 29.3, Gnus treats inline MIME contents as trusted...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid crashes when inline data creation occurs after DIO write When an inode is created and written using direct I/O, there is no way to clear the EXT4STATEMAYINLINEDATA flag. As a result, when the inode is truncated to jus...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareInlinedata When running the following code on an ext4 filesystem with the inlinedata feature enabled, the following bug will occur: c fd = open"file1", ORDWR | OCREAT | OTRUNC, 0666;...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak when the block address of a non-inlined pcluster is zero. syzkaller reported a memory leak: https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed Unreferenced object...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Refreshing the inline data size before write operations The cached ei-iInlineSize can become stale between the initial size check and when ext4updateInlineData/ext4createInlineData use it. Although ext4getmaxInlineSize read...
EUVD-2026-30990
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021551)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021551 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written t...
CVE-2026-8493
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...