uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

Summary Versions of i18next-http-backend prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template without any encoding, validation, or path sanitisation. When an application exposes the language-code selection to user-controlled input the defau...

CVE-2026-35375

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVE-2026-35347

CVE-2026-35347 affects the uutils coreutils comm utility. The are_files_identical routine opens and reads both input paths to compare content without verifying that inputs are regular files. As a result, feeding non-regular inputs (e.g., FIFOs or pipes) drains the streams before the comparison, c...

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC 1.4.2 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the UDR service, where open-ended failure request handling was flawed. As a result, the POST handler...

uutils coreutils 输入验证错误漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a vulnerability related to input validation. This vulnerability arises from the comm utility consuming data from unconventional file inputs before performing comparison operations...

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

Linux Distros Unpatched Vulnerability : CVE-2026-35375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The...

Linux Distros Unpatched Vulnerability : CVE-2026-35347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical...

PT-2026-34511

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to string lossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

PT-2026-34483

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are files identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input...

Oracle MySQL Server JSON Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system that provides data storage, querying and management capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: JSON component to properly handle...

CVE-2026-3317

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

Markdown 安全漏洞

Markdown is a Go library developed by gomarkdown, which is used to parse Markdown text and render it as HTML. There is a security vulnerability in Markdown, which arises from the use of SmartypantsRenderer when processing malformed inputs containing characters but no subsequent text. This can lea...