CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

EUVD-2026-39989

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

ip-address 跨站脚本漏洞

ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...

ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

GHSA-V2V4-37R5-5V8G ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the parsemessage function when the NegoEx mechanism is registered in /etc/gss/mech. An attacker can cause process termination by sending specially crafted requests with a short headerlen that...

Folding@home fah-control Security Vulnerability

fah-control is a Folding@home open source Client Advanced Control GUI. A security vulnerability exists in the Folding@home Client Advanced Control GUI that allows an attacker to execute arbitrary code by manipulating the parsemessage function...

PHP msgfmt_parse_message stack buffer overflow vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...