GHSA-G47V-RWMH-R9F8 eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

Uncontrolled Recursion

Overview eml-parser is a Python EML parser library Affected versions of this package are vulnerable to Uncontrolled Recursion through the getrawbodytext function. An attacker can cause the application to crash by supplying an email file with deeply nested message/rfc822 attachments, leading to...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the POST /oauth2/token parser process. An attacker can cause repeated panics and degrade service availability by sending specially crafted form-encoded requests with...

GHSA-F8QV-7X5W-QR48 free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

EUVD-2026-28839

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

CVE-2026-42212

CVE-2026-42212 – SolidCAM-GPPL-IDE (Postprocessor IDE) affects versions 1.0.0–1.0.1 of the unofficial SolidCAM extension. The VMID parser loads XML with XDocument.Load(...) without XmlReaderSettings, enabling DTD processing and leading to XXE and related risks. Impact per sources includes local f...

CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

Type Confusion

Overview Affected versions of this package are vulnerable to Type Confusion in code compilation. An attacker can execute arbitrary code by providing malicious input. Notes: This is only exploitable if the system compiles untrusted or attacker-controlled code. Workaround This vulnerability can be...

EUVD-2026-28787

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...

Infinite loop

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector...

GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed

Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...

fast-xml-builder Comment Value regex can be bypassed

Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...

CVE-2026-29975

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVE-2026-41887

The CVE-2026-41887 entry affects Flarum core prior to versions 1.8.16 and 2.0.0-rc.1, where values assigned to LESS-configurable settings (e.g., theme_primary_color/theme_secondary_color) are interpolated into LESS at compile time. An authenticated administrator can inject an arbitrary @import, e...

EEF-CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

Summary Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language...

CVE-2026-42793

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...