CLSA-2026-1778250885 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

CLSA-2026-1778170790 quagga: Fix of CVE-2018-5381

CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...

USN-8262-1: Lua vulnerability

It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

CVE-2026-44927

Affected software: uriparser prior to 1.0.2. Issue: pointer difference truncation to int in multiple locations, as described in CVE-2026-44927 and corroborated by PT-2026-38681. Potential impact: memory calculation/size-related issues; explicit exploit details are not provided in the documents. R...

BIT-JRE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

EUVD-2026-28464

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVE-2026-29975

CVE-2026-29975 affects lwjson 1.8.1. The vulnerability is in the streaming JSON parser (lwjson_stream.c): end-of-string detection incorrectly checks only the immediately preceding character for escapes, instead of counting consecutive backslashes. This can cause valid JSON strings ending with an ...

CVE-2026-29975

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...

PT-2026-39305

Name of the Vulnerable Software and Affected Versions eml parser version 3.0.0 Description A recursion denial of service exists in the get raw body text function within eml parser/parser.py. The function recurses unconditionally for every nested message/rfc822 attachment without a depth limit. An...

PT-2026-39295

Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...

PT-2026-38860

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux parse trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

PT-2026-39144

Name of the Vulnerable Software and Affected Versions lwjson version 1.8.1 Description Improper input validation in the streaming JSON parser lwjson stream.c occurs because the end-of-string detection logic incorrectly identifies escaped quote characters. The system only checks the immediately...

Lightweight JSON text parser 安全漏洞

Lightweight JSON Text Parser is a lightweight JSON text parsing library developed by Tilen Majerle. Version 1.8.1 of Lightweight JSON Text Parser has a security vulnerability. This vulnerability stems from a logical error in the string termination detection mechanism of the streaming JSON parser,...

Uriparser 安全漏洞

UriParser is a C89-compatible library for parsing and processing URIs, strictly conforming to RFC 3986 standards. Versions of UriParser prior to 1.0.2 contained security vulnerabilities; these vulnerabilities stemmed from the EqualsUri function potentially incorrectly classifying two unequal URIs...