Lucene search
+L

9 matches found

nvd
nvd
added last week5 views

CVE-2026-55865

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS0.00451EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/25 8:39 a.m.34 views

CVE-2026-53275 ipv6: mcast: Fix use-after-free when processing MLD queries

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free when processing MLD queries When processing an MLD query, a pointer to the multicast group address is retrieved when initially parsing the packet. This pointer is later dereferenced without being...

8.8CVSS0.00252EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/25 4:48 a.m.7 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References3
github
github
added 2026/06/18 1:7 p.m.8 views

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3Affected Software2
github
github
added 2026/04/22 6:31 p.m.12 views

uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.5AI score0.00156EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.7 views

PT-2026-34514

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/04/22 12:0 a.m.10 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a logical error in the expr function. This error causes the subexpressions within parentheses to be evaluated during the parsing phase rather...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References1
fedora
fedora
added 2026/03/28 12:19 a.m.5 views

[SECURITY] Fedora 44 Update: perl-XML-Parser-2.51-1.fc44

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

9.8CVSS5.8AI score0.00604EPSS
Exploits0
github
github
added 2020/09/01 3:17 p.m.29 views

Regular Expression Denial of Service in ansi2html

The ansi2html package is affected by a regular expression denial of service vulnerability when certain types of user input is passed in. Proof of concept var ansi2html = require'ansi2html' var start = process.hrtime; ansi2html"1111111111111111111111;0000000000000000000000";...

7.5CVSS7.2AI score0.01151EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder