UBUNTU-CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

Unchecked Input for Loop Condition

Overview github.com/0xJacky/Nginx-UI/settings is a yet another Nginx Web UI Affected versions of this package are vulnerable to Unchecked Input for Loop Condition due to improper input validation in the POST /api/settings handler for the logrotate.interval field. An attacker can make the web...

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition due to improper input validation in the POST /api/settings handler for the logrotate.interval field. An attacker can make the web interface unresponsive by submitting a negative interval value, causing...

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition due to improper input validation in the POST /api/settings handler for the logrotate.interval field. An attacker can make the web interface unresponsive by submitting a negative interval value, causing...

SUSE-SU-2026:20963-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

SUSE-SU-2026:20985-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

OPENSUSE-SU-2026:20448-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

CVE-2026-33750

A flaw was found in the brace-expansion library, a component used for generating strings based on patterns. A remote attacker could exploit this vulnerability by providing a specially crafted brace pattern that includes a zero step value. This malicious input causes the library's sequence...

EUVD-2026-14434

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

RHEL 9 : kernel (RHSA-2026:6153)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6153 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-After-Free...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1478)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1478 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in...

EUVD-2026-16349

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion...

GHSA-65XW-VW82-R86X XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

Infinite Loop

pypdf is vulnerable to an Infinite Loop. The vulnerability is due to reading a file in non‑strict mode during dictionary recovery, where the DictionaryObject.readfromstream method can enter an infinite loop and an attacker can craft a PDF to trigger it...

SUSE CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

SUSE CVE-2026-33699

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

Linux Distros Unpatched Vulnerability : CVE-2026-33487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in...

NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

Linux Distros Unpatched Vulnerability : CVE-2026-32287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level...

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...