20548 matches found
CVE-2026-35176
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection that allows out-of-bounds heap memory access when parsing a crafted .pof file. No FPGA hardware is required to trigger this vulnerability...
thunderbird: Out of bounds read in IMAP parsing
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
DEBIAN-CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
UBUNTU-CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allowed bypassing eavesdrop restrictions because the parser mishandles patterns like eavesdrop ='true' (space before =). As a result, clients could intercept D-Bus messages they should not hav...
PYSEC-2026-60
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
CVE-2026-39376
FastFeedParser is affected by CVE-2026-39376 prior to version 0.5.10. When parse() fetches a URL returning an HTML page with a tag, it may recursively call itself on the redirect URL without a depth limit, visited-URL deduplication, or redirect count cap. An attacker-controlled server that emits...
CVE-2026-39376 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
CVE-2026-34211
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...
Inefficient Algorithmic Complexity
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the MultiPartParser when handling multipart uploads with Content-Transfer-Encoding: base64...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-64718)
Summary Node.js module js-yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...
GHSA-5MF9-H53Q-7MHQ Django has potential DoS via MultiPartParser through crafted multipart uploads
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
PYSEC-2026-48
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace.Earlier, unsupported Django series such as...
CVE-2026-33033
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
GO-2026-4789 Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats
Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats...
CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
CVE-2026-33033
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...