CLSA-2026-1778250885 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

CLSA-2026-1778170790 quagga: Fix of CVE-2018-5381

CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...

USN-8262-1: Lua vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

CVE-2026-44927

Affected software: uriparser prior to 1.0.2. Issue: pointer difference truncation to int in multiple locations, as described in CVE-2026-44927 and corroborated by PT-2026-38681. Potential impact: memory calculation/size-related issues; explicit exploit details are not provided in the documents. R...

BIT-JRE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

EUVD-2026-28464

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

PT-2026-39295

Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...

CVE-2026-29975

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...

CVE-2026-29975

CVE-2026-29975 affects lwjson 1.8.1. The vulnerability is in the streaming JSON parser (lwjson_stream.c): end-of-string detection incorrectly checks only the immediately preceding character for escapes, instead of counting consecutive backslashes. This can cause valid JSON strings ending with an ...

PT-2026-39305

Name of the Vulnerable Software and Affected Versions eml parser version 3.0.0 Description A recursion denial of service exists in the get raw body text function within eml parser/parser.py. The function recurses unconditionally for every nested message/rfc822 attachment without a depth limit. An...

PT-2026-38865

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

PT-2026-39144

Name of the Vulnerable Software and Affected Versions lwjson version 1.8.1 Description Improper input validation in the streaming JSON parser lwjson stream.c occurs because the end-of-string detection logic incorrectly identifies escaped quote characters. The system only checks the immediately...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function ogssbiparseplmnlist in the component NSSF’s...

Linux Distros Unpatched Vulnerability : CVE-2026-41650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the --...