Uriparser 安全漏洞

UriParser is a C89-compatible library for parsing and processing URIs, strictly conforming to RFC 3986 standards. Versions of UriParser prior to 1.0.2 contained security vulnerabilities; these vulnerabilities stemmed from the EqualsUri function potentially incorrectly classifying two unequal URIs...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function ogssbiparseplmnlist in the component NSSF’s...

PT-2026-38682

Name of the Vulnerable Software and Affected Versions uriparser versions prior to 1.0.2 Description The function family EqualsUri can misclassify two unequal URIs as equal. Recommendations Update to version 1.0.2 or later. As a temporary workaround, restrict the use of the EqualsUri function unti...

PT-2026-38865

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

Linux Distros Unpatched Vulnerability : CVE-2026-41650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the --...

PT-2026-38831

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

PT-2026-39255

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The NRF root SBI endpoint "POST /oauth2/token" contains a parser-level type-confusion bug. The handler in NFs/nrf/internal/sbi/api accesstoken.go uses reflection over...

CVE-2026-29975

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVE-2026-8034

CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...

CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVE-2026-42468

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatpcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted PCAP input...

JLSEC-2026-488 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap...

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

EUVD-2025-209730

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

GHSA-587P-W43Q-4HJX query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

NPM: query-parser-string is vulnerable to Prototype Pollution

NPM: query-parser-string is vulnerable to Prototype Pollution vulnerability discovered by ? in WordPress Npm query-string-parser versions 1.0.0...

query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

Prototype Pollution

Overview query-string-parser is a Rack style query string parser for Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the fillValue function. An attacker can modify the prototype of built-in objects by supplying crafted query parameters. Details Prototype...

JLSEC-2026-468

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...