jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

CVE-2026-5404

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause the application to crash, leading to a denial of service. The attacker can achieve this by tricking a user into opening a specially crafted K12 RF5 file, which triggers a parser error. Mitigation To mitigate this...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on attacker-controlled counts and lengths in the SPDY/3 frame parser. An attacker can exhaust process memory and cause an out-of-memory crash by sending ...

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVE-2026-35176 openFPGALoader has a heap buffer overflow in POFParser::parseSection() via crafted .pof file

openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection that allows out-of-bounds heap memory access when parsing a crafted .pof file. No FPGA hardware is required to trigger this vulnerability...

CVE-2025-69534

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

openSUSE 16 Security Update : htmldoc (openSUSE-SU-2026:20219-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20219-1 advisory. Changes in htmldoc: - CVE-2024-46478: Fixed buffer overflow when handling tabs through the parsepre function bsc1232380. - version update to...

EUVD-2010-2645

Malware in sbrugna...

EUVD-2021-21235

Malware in sbrugna...

EUVD-2021-31251

Malicious code in bioql PyPI...

EUVD-2023-43051

Malicious code in bioql PyPI...

EUVD-2021-33032

Malicious code in bioql PyPI...

EUVD-2022-28035

Malicious code in bioql PyPI...

EUVD-2023-38908

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-23314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion 'blockfound' failed at js-parser-statm.c:2003 parserparsetrystatementend in JerryScript 2.2.0. CVE-2020-23314 Note that Nessus relies on t...

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.

...

GHSA-VQFR-H8MV-GHFJ h11 accepts some malformed Chunked-Encoding bodies

Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...

PT-2024-8690

Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.10.11 Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...