PT-2026-39722

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a...

XSStrike 3.1.6

XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...

CLSA-2025-1756923561 clamav: Fix of 8 CVEs

Update to 1.0.9 LTS version - CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser - CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser - CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems...

SUSE-SU-2025:20507-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403 - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404 - CVE-2025-47806: Fixed Stack buffer overflow in SubRip...

SUSE CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

PEASS-ng

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation Basic Tutorial Here you will find privilege escalation tools for Windows and Linux/Unix\ and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors s...

Litestar allows unbounded resource consumption (DoS vulnerability)

Summary Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...

DEBIAN-CVE-2024-11168

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

CVE-2022-48776

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak...

CVE-2022-48776

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak...

CVE-2022-48777

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition case when the entry name is empty the kernel panics in the cleanup function as the name entry is NULL. Rework the parser logic by first...

Plate media plugins has a XSS in media embed element when using custom URL parsers

Impact Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...

Fedora: Security Advisory for rust-tree-sitter-cli (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-tree-sitter-cli-0.22.5-2.fc40

CLI tool for developing, testing, and using Tree-sitter parsers...

[SECURITY] Fedora 40 Update: univocity-parsers-2.9.1-13.fc40

uniVocity-parsers is a suite of extremely fast and reliable parsers for Java. It provides a consistent interface for handling different file formats, and a solid framework for the development of new parsers...

[SECURITY] Fedora 40 Update: sac-1.3-46.fc40

SAC is a standard interface for CSS parsers, intended to work with CSS1, CSS2, CSS3 and other CSS derived languages...

[SECURITY] Fedora 40 Update: antlr-2.7.7-77.fc40

ANTLR, ANother Tool for Language Recognition, formerly PCCTS is a language tool that provides a framework for constructing recognizers, compilers, and translators from grammatical descriptions containing C++ or Java actions You can use PCCTS 1.xx to generate C-based parsers...

CVE-2024-24784

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

WSO2 products vulnerable to XML External Entity attack

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity XXE attack abuses a widely available but rarely used feature of XML parsers to access sensitive information...

CVE-2023-2226

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...