binutils: Fix of CVE-2025-11082

CVE-2025-11082: fix heap-based buffer overflow in bfdelfparseehframe...

CLSA-2026-1776243051 expat: Fix of 2 CVEs

CVE-2022-25313: prevent stack exhaustion in buildmodel - CVE-2024-50602: make XMLStopParser refuse to stop/suspend an unstarted parser...

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

CVE-2024-2374

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen

uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...

GHSA-2689-5P89-6J3J UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable

uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...

RHEL 8 : perl-XML-Parser (RHSA-2026:8610)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8610 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

MiracleLinux 9 : perl-XML-Parser-2.46-9.1.el9_7 (AXSA:2026-436:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-436:01 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and...

RHEL 8 : perl-XML-Parser (RHSA-2026:8608)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8608 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

AlmaLinux 8 : perl-XML-Parser (ALSA-2026:7681)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7681 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and deni...

RHEL 8 : perl-XML-Parser (RHSA-2026:8609)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8609 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

PT-2026-33384

Name of the Vulnerable Software and Affected Versions Math.js versions 13.1.1 through 15.1.x Description An issue in the expression parser allows the execution of arbitrary JavaScript. This occurs in applications where users are permitted to evaluate arbitrary expressions using the mathjs...

WSO2 Identity Server和WSO2 API Manager Developer Portal 安全漏洞

WSO2 Identity Server IS and WSO2 API Manager Developer Portal are both products of the American company WSO2. WSO2 Identity Server is an identity authentication server. WSO2 API Manager Developer Portal is a developer portal platform. Both WSO2 Identity Server and WSO2 API Manager Developer Porta...

PT-2026-33381

Name of the Vulnerable Software and Affected Versions Hot Chocolate versions prior to 12.22.7 Hot Chocolate versions prior to 13.9.16 Hot Chocolate versions prior to 14.3.1 Hot Chocolate versions prior to 15.1.14 Description The recursive descent parser Utf8GraphQLParser lacks a recursion depth...

RHEL 8 : perl-XML-Parser (RHSA-2026:8577)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8577 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

Linux Distros Unpatched Vulnerability : CVE-2026-40499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary...

AlmaLinux 9 : perl-XML-Parser (ALSA-2026:7679)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7679 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and deni...

SUSE CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

EUVD-2026-23098

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...