CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection

A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...

CVE-2026-6141

A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...

Medium: yq

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

PT-2026-32329

Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

jq 缓冲区错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. jq has a buffer error vulnerability, which stems from an out-of-bounds read in the error handling path of the jvparsesized function. This vulnerability may lead to memory leaks or process termination...

PT-2026-32546

Name of the Vulnerable Software and Affected Versions jq versions prior to 2f09060afab23fe9390cce7cb860b10416e1bf5f Description The jv parse sized API in libjq accepts a counted buffer with an explicit length parameter. However, its error-handling path formats the input buffer using %s in jv stri...

EUVD-2026-21729

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125 Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

Warm-Flow 代码注入漏洞

Warm-Flow is a workflow engine developed by Dromara. Versions of Warm-Flow 1.8.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the improper handling of parameters listenerPath, skipCondition, and permissionFlag by the SpelHelper.parseExpression function in...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via improper handling of user-supplied input in the ParseTodos function. An attacker can inject arbitrary iCalendar properties by including CRLF characters in task titles or other fields, which are then concatenated into...

BIT-PARSE-2026-39381 Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0 and 8.6.75, the GET /sessions/me endpoint returns Session fields that the server operator explicitly configured as protected via the protectedFields server option. Any...

CVE-2026-40026

A flaw was found in The Sleuth Kit's ISO9660 filesystem parser. An attacker can craft a malicious ISO image that exploits an out-of-bounds read vulnerability in the parsesusp function. This vulnerability occurs because the function trusts length fields from the disk image without proper validatio...

OSV-2026-548 UNKNOWN in ojph::local::precinct::parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=500177411 Crash type: UNKNOWN Crash state: ojph::local::precinct::parse ojph::local::resolution::parseoneprecinct ojph::local::tile::parsetileheader...

DEBIAN-CVE-2026-40026

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

CVE-2026-40036 Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

CVE-2026-40036

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that lets remote attackers trigger denial of service by submitting highly compressed payloads via URL parameters to the /json/visjs endpoint, expanding to gigabytes and exhausting server memory. CV...

CVE-2026-39859

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

CVE-2026-39859 LiquidJS has a renderFile() / parseFile() bypass configured root and allow arbitrary file read

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

CVE-2026-39859

LiquidJS (liquidjs) has a path traversal vulnerability in renderFile()/parseFile() where top-level file loads do not enforce the configured root boundary, allowing access to arbitrary local files when root is empty. Affected versions are before 10.25.3; the issue is fixed in 10.25.3 (per NVD/Red ...

GHSA-V273-448J-V4QJ LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...