Lucene search

6717 matches found

Snyk
added 2026/02/21 4:32 a.m. | 4 views

Information Exposure

Overview: apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Information Exposure in the error messages in the UI when a DAG fails during parsing. A user can obtain sensitive information from kwargs passed t...

CVSS 7.1 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 2
OSV
added 2026/02/21 3:15 a.m. | 1 view

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 4
CNNVD
added 2026/02/21 12:00 a.m. | 2 views

Tenda A18 Security Vulnerability

The Tenda A18 is an AC1200 dual-band Wi-Fi repeater produced by the Chinese company Tenda. Version 15.13.07.13 of the Tenda A18 contains a security vulnerability. This vulnerability stems from the parsemacfilterrule function in the /goform/setBlackRule file, where a stack buffer overflow occurs d...

CVSS 9 | AI score 7.5 | EPSS 0.00101
Exploits: 0 | References: 5
OSV
added 2026/02/20 4:59 p.m. | 3 views

MAL-2026-967 Malicious code in parse-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f14189ba3007a51617df87911f83c0c765d38bf6abe23b5aecbbe60cd8646c0a The package parse-compat was found to contain malicious code. Source: ghsa-malware 90a657719347c80f56dab387dd9beb25be7af98e9580382365a65feb0fd53243 A...

AI score 5.6
Exploits: 0 | References: 1
Snyk
added 2026/02/20 4:59 p.m. | 5 views

Malicious Package

Overview: parse-compat is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/02/20 4:59 p.m. | 5 views

Malicious code in parse-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f14189ba3007a51617df87911f83c0c765d38bf6abe23b5aecbbe60cd8646c0a The package parse-compat was found to contain malicious code. Source: ghsa-malware 90a657719347c80f56dab387dd9beb25be7af98e9580382365a65feb0fd53243 A...

AI score 5.6
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/19 12:00 a.m. | 6 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1443)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1443 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially...

CVSS 10 | AI score 7.3 | EPSS 0.00045
Exploits: 3 | References: 14
Snyk
added 2026/02/18 10:41 p.m. | 1 view

Excessive Iteration

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Excessive Iteration in the parsebfrange function in cmap.py. An attacker can cause excessive resource consumption by supplying a...

CVSS 6.9 | AI score 5.6 | EPSS 0.00006
Exploits: 0 | References: 2
UbuntuCve
added 2026/02/18 6:16 a.m. | 1 view

CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

CVSS 4.8 | AI score 5.6 | EPSS 0.00007
Exploits: 0 | References: 7
OSV
added 2026/02/18 6:16 a.m. | 1 view

UBUNTU-CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

CVSS 4.8 | AI score 5.4 | EPSS 0.00007
Exploits: 0 | References: 8
ATTACKERKB
added 2026/02/18 5:32 a.m. | 3 views

CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

CVSS 4.8 | AI score 4.5 | EPSS 0.00007
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/02/18 12:14 a.m. | 5 views

OSV-2026-259 Use-of-uninitialized-value in tsip_parse_input

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=484859694 Crash type: Use-of-uninitialized-value Crash state: tsip_parse_input gpsd_poll FuzzDrivers.c...

AI score 5.4
Exploits: 0 | References: 1
OSV
added 2026/02/17 9:42 a.m. | 0 views

SUSE-SU-2026:20490-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173)...

CVSS 8.2 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 3
RedHat Linux
added 2026/02/17 12:55 a.m. | 2 views

golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in ParseWithClaims can lead to situations where users are not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both...

CVSS 3.1 | AI score 5.7 | EPSS 0.0006
Exploits: 0 | References: 6
Tenable Nessus
added 2026/02/17 12:00 a.m. | 3 views

SUSE SLES15 Security Update : protobuf (SUSE-SU-2026:0517-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0517-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Tenable has extracted the...

CVSS 8.2 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 4
SUSE Linux
added 2026/02/16 4:19 p.m. | 3 views

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 8.2 | AI score 5.4 | EPSS 0.00013
Exploits: 0 | References: 4
OSV
added 2026/02/16 11:21 a.m. | 8 views

CLSA-2026-1771240859 kernel: Fix of 13 CVEs

vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618) - cnic: Fix use-after-free bugs in cnic_delete_task (CVE-2025-39945) - scsi: bfa: Double-free fix (CVE-2025-38699) - pptp: ensure minimal skb length in pptp_xmit (CVE-2025-38574) - ipv6: reject malicious packets in ipv6_gso_segment (CVE-2025-38572) -...

CVSS 7.8 | AI score 7 | EPSS 0.00063
Exploits: 0 | References: 1
RedHat Linux
added 2026/02/16 10:08 a.m. | 2 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 8
Veracode
added 2026/02/16 6:43 a.m. | 4 views

Denial Of Service (DoS)

qs is vulnerable to Denial of Service (DoS). The vulnerability is due to parseArrayValue returning val.split(',') before enforcing arrayLimit, allowing attackers to supply a comma-heavy parameter that creates arbitrarily large arrays in memory without triggering throwOnLimitExceeded, leading to...

CVSS 7.5 | AI score 5.6 | EPSS 0.0005
Exploits: 1 | References: 2 | Affected Software: 1
SUSE CVE
added 2026/02/16 12:25 a.m. | 3 views

SUSE CVE-2026-23199

In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock. Fix PROCMAP_QUERY to fetch optional build ID only after dropping mmap_lock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...

CVSS 5.5 | AI score 5.2 | EPSS 0.00014
Exploits: 0 | References: 3