Security Bulletin: Due to use of jackson-core-2.19.4.jar, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS) issue.

Summary jackson-core-2.19.4.jar is used by IBM Sterling Connect:Direct Web Services WS-2026-0003. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints...

EUVD-2026-25119

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

PT-2026-34748

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

SWUpdate 缓冲区错误漏洞

SWUpdate is an embedded Linux system update tool developed by Stefano Babic. SWUpdate has a buffer error vulnerability, which stems from an integer underflow in the multipart upload parser in the mongoosemultipart.c file. This vulnerability allows unauthenticated attackers to cause...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gstreamer1-plugins-bad-free (UTSA-2026-014293)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014293 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte...

CVE-2026-40517

CVE-2026-40517 affects radare2 before 6.1.4, where the PDB parser’s print_gvars() permits command injection via crafted PDB files. Unsanitized symbol name interpolation in the flag rename operation allows attackers to inject and execute radare2 commands when the idp command is run against the mal...

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Summary Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for example themeprimarycolor and themesecondarycolor, as well as any key...

Uncontrolled Recursion

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Uncontrolled...

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

0xuath-sdk-react (>=0.0.2 <=0.0.23), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +17741 more potentially affected by CVE-2026-41650 via fast-xml-parser (>=2.3.1 <=5.6.0)

fast-xml-parser NPM version =2.3.1, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.0.10, =3.1.4, =3.1.6, =0.1.0, =0.0.2, =4.11.2, =2.0.0, =2.6.6 and more Source cves: CVE-2026-41650 Source advisory: OSV:GHSA-GH4J-GQV2-49F6...

GHSA-GH4J-GQV2-49F6 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters Summary fast-xml-parser XMLBuilder does not escape the -- sequence in comment content or the sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data...

SUSE-SU-2026:21289-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

EUVD-2026-24957

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

SUSE-SU-2026:21380-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-32259: stack out-of-bounds write due to a memory allocation failure in the sixel encoder can lead to a crash bsc1259612. - CVE-2026-32636: out-of-bounds write of a single zero byte due to bug the NewXMLTree method can lead to deni...

SUSE-SU-2026:21275-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...