20549 matches found

ATTACKERKB
added 2026/03/31 10:15 p.m. | 3 views

CVE-2026-5235

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been...

CVSS 5.3 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/03/31 9:00 p.m. | 0 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/31 9:00 p.m. | 3 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2026/03/31 9:00 p.m. | 19 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 | EPSS 0.00018
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/31 7:50 p.m. | 3 views

GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser

A flaw was found in GStreamer. A remote attacker can exploit a heap-based buffer overflow vulnerability in the GStreamer JPEG parser by providing a specially crafted JPEG file. This issue is caused by improper validation of Huffman table lengths, which can lead to arbitrary code execution in the...

CVSS 7.8 | AI score 7.8 | EPSS 0.00078
Exploits: 0 | References: 6
IBM Security Bulletins
added 2026/03/31 3:10 p.m. | 2 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to cross-site scripting (CVE-2026-25896)

Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in Node.js module...

CVSS 9.3 | AI score 5.5 | EPSS 0.0002
Exploits: 1 | Affected Software: 1
RedHat Linux
added 2026/03/31 1:11 p.m. | 6 views

GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser

A flaw was found in GStreamer. A remote attacker can exploit a heap-based buffer overflow vulnerability in the GStreamer JPEG parser by providing a specially crafted JPEG file. This issue is caused by improper validation of Huffman table lengths, which can lead to arbitrary code execution in the...

CVSS 7.8 | AI score 7.8 | EPSS 0.00078
Exploits: 0 | References: 6
SUSE Linux
added 2026/03/31 8:40 a.m. | 1 view

Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.8 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 8
OSV
added 2026/03/31 8:40 a.m. | 0 views

SUSE-SU-2026:1153-1 Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...

CVSS 9.8 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 5
SUSE Linux
added 2026/03/31 8:28 a.m. | 2 views

Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.8 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 8
OSV
added 2026/03/31 8:28 a.m. | 2 views

SUSE-SU-2026:1152-1 Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...

CVSS 9.8 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/31 12:00 a.m. | 3 views

PT-2026-29356

Name of the Vulnerable Software and Affected Versions Alerta versions prior to 9.1.0 Description Alerta, a monitoring tool, had a SQL injection issue in the Query string search API. The vulnerability stemmed from directly interpolating user-supplied search terms into SQL strings via f-strings whe...

CVSS 6.9 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 10
CNNVD
added 2026/03/31 12:00 a.m. | 6 views

Bento4 security vulnerability

Bento4 is an open-source C++ library developed by Axiomatic Systems, designed for reading and writing MP4 files. Versions of Bento4 prior to 1.6.0-641 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow issue in the AP4BitReader::ReadCache function of the...

CVSS 5.3 | AI score 6.3 | EPSS 0.00007
Exploits: 0 | References: 5
CNNVD
added 2026/03/31 12:00 a.m. | 5 views

Bento4 security vulnerability

Bento4 is an open-source C++ library developed by Axiomatic Systems for reading and writing MP4 files. Versions of Bento4 prior to 1.6.0-641 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of the parameter npresentations in the AP4BitReader::SkipBits...

CVSS 5.3 | AI score 6.4 | EPSS 0.00007
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/31 12:00 a.m. | 4 views

PT-2026-29406

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4 BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n presentations leads to heap-based buffer overflow. The attack needs to be performed...

CVSS 5.3 | AI score 6.2 | EPSS 0.00007
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/31 12:00 a.m. | 6 views

PT-2026-29402

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4 BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been...

CVSS 5.3 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 8
Tenable Nessus
added 2026/03/31 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-3945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote...

CVSS 8.7 | AI score 5.9 | EPSS 0.00072
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/31 12:00 a.m. | 4 views

RHEL 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RHSA-2026:6259)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6259 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

CVSS 8.8 | AI score 7.8 | EPSS 0.0046
Exploits: 0 | References: 16
Fedora
added 2026/03/30 6:41 p.m. | 3 views

[SECURITY] Fedora 42 Update: mingw-expat-2.7.5-1.fc42

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 5.5 | AI score 5.8 | EPSS 0.00006
Exploits: 1
EUVD
added 2026/03/30 6:31 p.m. | 2 views

EUVD-2026-17166

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 6.3 | EPSS 0.00018
Exploits: 0 | References: 6