
62 matches found

OSV
added 2026/01/08 2:52 p.m. · 2 views

CVE-2026-22041 loggingredactor converts non-string types to string types in logs

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

5.1 CVSS · 6.5 AI score · 0.00228 EPSS
Exploits: 1 · References: 5
CVE
added 2026/01/08 2:52 p.m. · 11 views

CVE-2026-22041

CVE-2026-22041 affects the Python library Logging Redactor. Prior to version 0.0.6, non-string data are coerced to strings, causing type errors in %d formatting. The issue is fixed in 0.0.6; multiple sources corroborate this patch. No exploit details are provided in the documents. Remediation: up...

5.3 CVSS · 6.5 AI score · 0.00228 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Github Security Blog
added 2026/01/07 7:28 p.m. · 10 views

loggingredactor converts non-string types to string types in logs

Impact: Non-string types are converted into string types, leading to type errors in %d conversions. Patches: The problem has been patched in version 0.0.6. Workarounds: None without patching. Resources: Issue report: https://github.com/armurox/loggingredactor/issues/7 Release:...

5.3 CVSS · 7 AI score · 0.00228 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2026/01/07 7:28 p.m. · 4 views

GHSA-RVJX-CFJH-5MC9 loggingredactor converts non-string types to string types in logs

Impact: Non-string types are converted into string types, leading to type errors in %d conversions. Patches: The problem has been patched in version 0.0.6. Workarounds: None without patching. Resources: Issue report: https://github.com/armurox/loggingredactor/issues/7 Release:...

5.1 CVSS · 6.9 AI score · 0.00228 EPSS
Exploits: 1 · References: 5
OSV
added 2025/11/14 12:39 p.m. · 5 views

OESA-2025-2686 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

6.9 CVSS · 6.9 AI score · 0.00418 EPSS
Exploits: 2 · References: 3
AlpineLinux
added 2025/10/10 10:2 p.m. · 4 views

CVE-2025-61911

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...

6.9 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits: 1
Cvelist
added 2025/10/10 10:2 p.m. · 6 views

CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...

6.9 CVSS · 0.00294 EPSS
Exploits: 1 · References: 3
EUVD
added 2025/10/10 10:2 p.m. · 7 views

EUVD-2025-33797

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...

6.9 CVSS · 6.5 AI score · 0.00294 EPSS
Exploits: 1 · References: 3
Debian CVE
added 2025/10/10 10:2 p.m. · 5 views

CVE-2025-61911

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...

6.9 CVSS · 6.3 AI score · 0.00294 EPSS
Exploits: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-5914

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.01152 EPSS
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 13 views

EUVD-2024-2720

Malicious code in bioql PyPI...

6.5 CVSS · 6.9 AI score · 0.00581 EPSS
Exploits: 0 · References: 6
Snyk
added 2025/03/20 10:9 a.m. · 1 views

Improper Handling of Exceptional Conditions

Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the stream_complete method of the LangChainLLM class. An attacker can disrupt service availability by providing an input of type...

8.7 CVSS · 7 AI score · 0.00709 EPSS
Exploits: 1 · References: 2
SUSE CVE
added 2025/02/14 4:25 a.m. · 1 views

SUSE CVE-2024-47003

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

6.5 CVSS · 7.9 AI score · 0.00581 EPSS
Exploits: 0 · References: 5
OSV
added 2025/01/16 7:15 p.m. · 3 views

CVE-2025-20621

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...

7.5 CVSS · 6.9 AI score
Exploits: 0 · References: 1
Cvelist
added 2025/01/16 6:18 p.m. · 10 views

CVE-2025-20630 Mobile crash via object that can't be cast to String in Attachment Field

Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel...

6.5 CVSS · 0.0059 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-4149 · Mattermost · Mattermost Mobile

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions <=2.22.0. Description: The issue arises from the improper handling of posts with attachments that contain fields which cannot be converted to a string. This allows an attacker to cause the mobile application to crash ...

6.5 CVSS · 7.1 AI score · 0.0059 EPSS
Exploits: 0 · References: 5
CVE
added 2024/09/26 8:5 a.m. · 209 views

CVE-2024-47003

Mattermost is affected by CVE-2024-47003. The vulnerability affects Mattermost Server versions 9.11.x <= 9.11.0 and 9.5.x

6.5 CVSS · 4.5 AI score · 0.00581 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/09/26 8:5 a.m. · 33 views

CVE-2024-47003 DoS via non-string message using permalink embed

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

3.1 CVSS · 0.00581 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/26 12:0 a.m. · 9 views

PT-2024-32335 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0; Mattermost versions 9.5.x through 9.5.8. Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...

9.9 CVSS · 6.5 AI score · 0.97781 EPSS
Exploits: 20 · References: 142
RedHat Linux
added 2023/05/09 10:4 a.m. · 2 views

kernel: mm/page_owner: use strscpy() instead of strlcpy()

In the Linux kernel, the following vulnerability has been resolved: mm/page_owner: use strscpy() instead of strlcpy(). current->comm is not a string (no guarantee for a zero byte in it). strlcpy(s1, s2, l) is calling strlen(s2), potentially causing out-of-bound access, as reported by syzbot: detected buffer...

7.1 CVSS · 6.5 AI score · 0.00241 EPSS
Exploits: 0 · References: 5