CVE-2026-34085
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...
CVE-2026-34085
CVE-2026-34085 affects fontconfig before 2.17.1. The vulnerability is an off-by-one error in allocation during sfnt capability handling, causing a one-byte out-of-bounds write in FcFontCapabilities within fcfreetype.c. Consequences include potential crash or code execution. The available connecte...
PT-2026-28071
Name of the Vulnerable Software and Affected Versions: fontconfig versions prior to 2.17.1. Description: fontconfig versions prior to 2.17.1 contain an off-by-one error in memory allocation during sfnt capability handling. This error can lead to a one-byte out-of-bounds write within the...
MGASA-2026-0063 Updated perl-XML-Parser packages fix security vulnerabilities
XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size causing a heap corruption (double free or corruption) and crashes. (CVE-2006-10002) XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. (CVE-2006-10003)...
EUVD-2026-14156
The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-13943
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...
AVideo - Incomplete Fix for CVE-2026-27568: Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization
Summary: The fix for CVE-2026-27568 (GHSA-rcqw-6466-3mv7) introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass: markdown link syntax text is processed by Parsedown's inlineLink method, which...
CLSA-2026-1774007526 Fix CVE(s): CVE-2026-3731
SECURITY UPDATE: out-of-bounds read in sftp extension name handler - debian/patches/CVE-2026-3731.patch: fix off-by-one bounds check in sftp_extensions_get_name and sftp_extensions_get_data - CVE-2026-3731...
SUSE CVE-2006-10003
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
...
EUVD-2026-13168
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...
DEBIAN-CVE-2026-3849
Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...
CLSA-2026-1773930007 Fix CVE(s): CVE-2026-3731
SECURITY UPDATE: out-of-bounds read from manipulated SFTP extension index - debian/patches/CVE-2026-3731.patch: Fix out-of-bound read in sftp extensions by replacing '>' with '>=' in index checks; cause: off-by-one error in index comparison allowing idx equal count. - CVE-2026-3731...
CLSA-2026-1773931583 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix off-by-one in sftp_extensions_get_name/sftp_extensions_get_data...
CLSA-2026-1773930993 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix off-by-one in sftp_extensions_get_name/sftp_extensions_get_data...
EUVD-2006-7234
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...
UBUNTU-CVE-2006-10003
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...