ALSA-2026:15969 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

PT-2026-39710

Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description Top-level programs loaded from a file using the '-f' flag are truncated at the first embedded NUL byte. A specially crafted filter file containing a NUL byte followed by an arbitrary suffix will compil...

Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention; this vulnerability stems from the training script registering the Python eval function as a Hydra configuration parser, whic...

CVE-2026-42477

A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...

XML::LibXML 缓冲区错误漏洞

XML::LibXML is an open-source Perl interface tool developed by CPAN authors for parsing and manipulating XML files. Versions of XML::LibXML 2.0210 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the parsing of XML node names that contained truncated UTF-8 byte...

openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...

OESA-2026-2231 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

OESA-2026-2227 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...

OESA-2026-2212 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017369)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017369 advisory. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in...

Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017368)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017368 advisory. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in...

Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017366)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017366 advisory. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017357 advisory. lookup in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the Unity Linux...

axa-fr-splitter (>=0.0.2 <=0.1.2), cyvoreos (>=0.2.0.3b0 <=0.2.0.7b0) +4 more potentially affected by CVE-2026-44844 via eml-parser (>=1.17.5 <=2.0.1)

eml-parser PYPI version =1.17.5, =0.0.2, =0.2.0.3b0, =1.0.7, =1.1.1, =0.1.13, =0.0.99.dev0, =0.0.125.dev0 Source cves: CVE-2026-44844 Source advisory: OSV:GHSA-G47V-RWMH-R9F8...

GHSA-G47V-RWMH-R9F8 eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

Uncontrolled Recursion

Overview eml-parser is a Python EML parser library Affected versions of this package are vulnerable to Uncontrolled Recursion through the getrawbodytext function. An attacker can cause the application to crash by supplying an email file with deeply nested message/rfc822 attachments, leading to...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the POST /oauth2/token parser process. An attacker can cause repeated panics and degrade service availability by sending specially crafted form-encoded requests with...