692 matches found
CVE-2026-56289
CVE-2026-56289 affects GNU patch. The vulnerability is a DoS caused by improper validation of hunk line offsets in unified-diff input, where a crafted patch can specify an extremely large line number, causing an effectively infinite processing loop and high CPU usage, rendering the process unresp...
CVE-2025-3110
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
CVE-2026-57253
An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...
EUVD-2026-24973
cut: -s only-delimited ignored when delimiter is a newline...
OESA-2026-2838 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...
GHSA-J9PP-7WFG-Q7FJ Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines
Summary A memory-safety vulnerability in Open Babel's ChemKin parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in ChemKinFormat::ReadReactionQualifierLines. A malformed reaction qualifier record caused the parser to dereference a NULL pointer. Impac...
CVE-2026-53432
A flaw was found in fzf. An integer overflow vulnerability exists in the FuzzyMatchV2 function when processing exceptionally long input lines and patterns. This can lead to the application terminating unexpectedly with a non-recoverable panic, resulting in a Denial of Service DoS. A local user...
Linux Distros Unpatched Vulnerability : CVE-2026-57451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's te...
CVE-2026-53428
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...
EEF-CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex
Summary Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak\nif::lumis\adapter::LumisAdapter::parse\highlight\lines in native/comrak\nif/src/lumis\adapter.rs eagerly...
CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...
CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...
CVE-2026-53428
Summary: The CVE describes an unbounded memory allocation in the mdex/native codepath when parsing a user-supplied highlight_lines range in Markdown code blocks, enabling a denial-of-service via memory exhaustion. The affected components are mdex (v0.11.0 before 0.12.3) and mdex_native (v0.1.0 be...
CVE-2026-53427
The CVE-2026-53427 issue is a cross-site scripting vulnerability in leandrocp MDEx exposed via Markdown rendering. When render: full_info_string is enabled, the Lumis adapter copies a code fence’s highlight_lines_class info-string into per-line HTML class attributes, parsing key=value pairs via s...
CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...
CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...
EEF-CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute
Summary Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: \full\info\string: true\ ar...
CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...
DEBIAN-CVE-2026-53306
In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...
CVE-2026-48619
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...