
20548 matches found

Snyk
added 2026/04/10 10:10 p.m. | 2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the expression parser. An attacker can execute arbitrary JavaScript code by sending malicious expressions for evaluation. Remediation: There is no fixed...

8.8 CVSS | 6 AI score
Exploits 0 | References 3
NVD
added 2026/04/10 4:16 p.m. | 3 views

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

7.5 CVSS | 0.00126 EPSS
Exploits 1 | References 6
Microsoft CVE
added 2026/04/10 8:1 a.m. | 3 views

Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

...

6.1 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0
Vulnrichment
added 2026/04/10 3:24 a.m. | 1 views

CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

2.3 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 1
CVE
added 2026/04/10 3:24 a.m. | 8 views

CVE-2026-5188

CVE-2026-5188 describes an integer underflow in wolfSSL when parsing the SAN extension of X.509 certificates. A malformed certificate may specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This vulnerability is limited to config...

8.1 CVSS | 5.9 AI score | 0.00037 EPSS
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/04/10 3:24 a.m. | 1 views

CVE-2026-5188

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

2.3 CVSS | 5.9 AI score | 0.00037 EPSS
Exploits 0 | References 2
Github Security Blog
added 2026/04/10 12:30 a.m. | 2 views

Zod jsVideoUrlParser vulnerable to ReDoS in util.js

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

6.9 CVSS | 5.7 AI score | 0.0006 EPSS
Exploits 0 | References 7 | Affected Software 1
Snyk
added 2026/04/10 12:30 a.m. | 1 views

Regular Expression Denial of Service (ReDoS)

Overview: js-video-url-parser is a parser to extract provider, video id, start time and others from YouTube, Vimeo, ... URLs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the getTime function in lib/util.js. An attacker can cause excessive...

6.9 CVSS | 5.9 AI score | 0.0006 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/10 12:30 a.m. | 2 views

EUVD-2026-21236

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

6.9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0 | References 6
vulnersOsv
added 2026/04/10 12:30 a.m. | 6 views

@1eg/theme-editor-cli (>=0.13.0 <=1.17.0), @aicontextlab/cli (>=0.0.0-dev <=0.2.2) +308 more potentially affected by CVE-2026-5986 via js-video-url-parser (>=0.2.8 <=0.5.1)

js-video-url-parser NPM version =0.2.8, =0.13.0, =0.0.0-dev, =0.2.5, =1.0.103, =0.12.77, =0.1.0, =0.1.136, =1.2.8, =1.2.8, =1.2.8, =1.2.8, =1.2.8, =1.2.8, =1.2.10 and more Source cves: CVE-2026-5986 Source advisory: OSV:GHSA-8FGX-WGVR-PCX8...

6.9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0
vulnersOsv
added 2026/04/10 12:30 a.m. | 5 views

@1eg/theme-editor-cli (>=0.13.0 <=1.17.0), @aicontextlab/cli (>=0.0.0-dev <=0.2.2) +308 more potentially affected by CVE-2026-5986 via js-video-url-parser (>=0.2.8 <=0.5.1)

js-video-url-parser NPM version =0.2.8, =0.13.0, =0.0.0-dev, =0.2.5, =1.0.103, =0.12.77, =0.1.0, =0.1.136, =1.2.8, =1.2.8, =1.2.8, =1.2.8, =1.2.8, =1.2.8, =1.2.10 and more Source cves: CVE-2026-5986 Source advisory: SNYK:JS-JSVIDEOURLPARSER-15995499...

6.9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0
OSV
added 2026/04/10 12:0 a.m. | 1 views

OPENSUSE-SU-2026:10527-1 perl-XML-Parser-2.570.0-1.1 on GA media

These are all security issues fixed in the perl-XML-Parser-2.570.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS | 5.8 AI score | 0.00035 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 views

Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are...

7.5 CVSS | 7.3 AI score | 0.01453 EPSS
Exploits 2 | References 2
UbuntuCve
added 2026/04/10 12:0 a.m. | 1 views

CVE-2026-5188

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

8.1 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 2
SUSE CVE
added 2026/04/09 11:25 p.m. | 4 views

SUSE CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

4.8 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 3
SUSE CVE
added 2026/04/09 11:25 p.m. | 5 views

SUSE CVE-2026-40026

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

4.8 CVSS | 6 AI score | 0.00013 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/04/09 10:30 p.m. | 3 views

CVE-2026-5986

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

6.9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0 | References 5 | Affected Software 1
CBLMariner
added 2026/04/09 10:23 p.m. | 4 views

CVE-2006-10003 affecting package perl-XML-Parser for versions less than 2.47-2

CVE-2006-10003 affecting package perl-XML-Parser for versions less than 2.47-2. A patched version of the package is available...

9.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0
OSV
added 2026/04/09 5:32 p.m. | 5 views

GHSA-H749-FXX7-PWPG MinIO affected by a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact: MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes('\n') with no size limit, buffering the...

7.1 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0 | References 6
CloudLinux
added 2026/04/09 2:44 p.m. | 7 views

ImageMagick: Fix of 3 CVEs

- CVE-2025-66628: fix integer overflow in TIM parser
- CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing
- CVE-2026-28693: fix integer overflow in DIB coder...

8.1 CVSS | 6 AI score | 0.00067 EPSS
Exploits 0