144 matches found
CVE-2026-54901
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...
EulerOS Virtualization 2.12.0 : libxml2 (EulerOS-SA-2026-2106)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveU...
SUSE CVE-2026-50219
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...
CVE-2026-26824
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...
OESA-2026-2187 uriparser security update
The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...
libXpm -- Out-of-bounds read in xpmNextWord()
The X.Org project reports: libXpm uses a number of internal helper functions to parse the XPM file format. One of these internal functions, xpmNextString, checks for the NULL terminator when looking for the end of the current string but not when looking for the beginning of the next string. A sma...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
CLSA-2026-1776070934 grafana: Fix of CVE-2026-25679
rebuild with golang 1.25.7-els2 which fixes the following CVEs - - CVE-2026-25679: fix insufficient validation of host/authority in net/url.Parse...
CVE-2026-22891
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
AZL-76799 CVE-2025-58190 affecting package cri-o 1.30.1-1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76842 CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2026-0990
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...
MiracleLinux 9 : libxml2-2.9.13-11.el9_6 (AXSA:2025-10680:11)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10680:11 advisory. libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr CVE-2025-7425 Tenable has extracted the preceding description block directl...
PT-2026-3018
Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description An uncontrolled recursion issue exists in libxml2, an XML parsing library, specifically within the xmlCatalogXMLResolveURI function. This occurs when an XML catalog includes a delegate URI...
AZL-73316 CVE-2025-15284 affecting package js-jquery 3.5.0-4
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...
[SECURITY] Fedora 42 Update: uriparser-1.0.0-1.fc42
Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...
haproxy: denial of service vulnerability in HAProxy mjson library
A flaw was found in haproxy. A stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the jsonquery or jwtpayloadquery function...
RLSA-2025:22175 Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more details about the security issues, including the impact, a CVSS score,...