OESA-2026-1751 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

OESA-2026-1749 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

PT-2026-28570

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows users to build semantic templates. A flaw exists where the @partial-block special variable is stored in the template data context and is mutable from within a template via...

Handlebars.js 安全漏洞

Handlebars.js is an open-source JavaScript templating engine developed by The Handlebars Templating Language project. Versions of Handlebars.js 4.7.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the special variable @partial-block, which could be overwritten...

Important: openssl11

Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths,...

ALPINE-CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

WordPress plugin WP Map Block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

The vulnerability of the software for implementing the hypertext environment MediaWiki, related to improper input cancellation during page creation, allows a violator to carry out cross-site scripting attacks.

The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the possibility of exploiting XSS attacks in the partial block function. Exploiting this vulnerability could allow a malicious actor, operating remotely, to carry out cross-site scripting attacks...

BIT-MEDIAWIKI-2021-31548

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed...

Design/Logic Flaw

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed...