jsPDF PDF Object Injection
jsPDF versions prior to 4.2.0 suffer from a PDF object injection vulnerability in the addJS method. CVE-2026-25755: PDF Object Injection in jsPDF addJS Method. Description: A PDF Object Injection vulnerability was identified in the addJS method of jsPDF. The library fails to sanitize user-supplied inp...
CVE-2025-11468
Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not...
CVE-2025-11468
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...
Linux Distros Unpatched Vulnerability : CVE-2017-18361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed...
CVE-2021-47467 kunit: fix reference count leak in kfree_at_end
In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end. The reference counting issue happens in the normal path of kfree_at_end. When kunit_alloc_and_get_resource is invoked, the function forgets to handle the returned resource object, whose...
SUSE CVE-2015-5073
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an...
SUSE CVE-2015-8388
PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
SUSE CVE-2017-18361
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
Regression in Query Parenthesis can have Security Implications
Return insensitive check after 8453. Problem: ->andWhere("u.name = ?1 or u.username = ?1"); did not wrap part in parenthesis when "or" or "and" was written in lowercase anymore. It still worked for uppercase OR and AND. Fixes 8595...
CVE-2021-24153
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found...
CVE-2017-18361
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
PYSEC-2019-167
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
UBUNTU-CVE-2017-18361
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
CVE-2017-18361
CVE-2017-18361 affects Pylons Colander up to version 1.6, where the URL validator can enter an infinite loop due to an unclosed parenthesis, causing a denial of service. The connected documents do not provide a remediation/patch version; monitor for updates from project maintainers.
CVE-2017-18361
Removed by vendor...
DEBIAN-CVE-2016-7447
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors...
pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an...