Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the FX expression parser. An attacker can cause the application to crash by supplying a deeply nested expression. Remediation A fix was pushed into the master branch but not yet published. References - GitHub...

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

ImageMagick has a Stack Overflow via Recursive FX Expression Parsing

A stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression...

Uncontrolled Recursion

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVE-2026-39979

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

CVE-2026-33948

A flaw was found in jq, a command-line JSON processor. This vulnerability allows a remote attacker to bypass input validation by crafting malicious JSON input containing embedded null NUL bytes. Due to incorrect handling of input buffer lengths, jq truncates the input at the first NUL byte,...

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google has announced the integration of a Rust-based Domain Name System DNS parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser significantly reduces our...

CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

HTTP Request Smuggling

Overview org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HTTP/1.1 parser HttpParser.java. An attacker can inject additional HTTP requests with chunked transfer encoding with improperly terminat...

RLSA-2026:7681 Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

perl-XML-Parser security update

An update is available for perl-XML-Parser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module provides ways to parse XML documents. It is built on top ...

CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

USN-8174-1 libxml-parser-perl vulnerabilities

It was discovered that XML::Parser incorrectly handled certain multi-byte UTF-8 characters. If a user or automated system were tricked into processing specially crafted XML data, a remote attacker could use this issue to cause XML::Parser to crash, resulting in a denial of service or to possibly...

coruna-exploit-kit-analysis

Coruna iOS Exploit Kit — Reverse Engineering Analysis Def...

DEBIAN-CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

Eclipse Jetty 环境问题漏洞

Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. Eclipse Jetty has a vulnerability related to environmental issues, which stems from the HTTP/1.1 parser’s request interception vulnerability when using chunked extensions...