SUSE CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

GHSA-7G26-2QGJ-CHFG CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...

PT-2026-44002

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 4.2.0 through 4.2.3 Description The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^client id-sensors$ to restrict access,...

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.35.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact...

CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...

SUSE CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic, cross-platform programming language from the Perl community. Versions of Perl 5.43.10 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow vulnerability that occurs when compiling regular expressions...

EUVD-2026-31772

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

Security Bulletin: A runtime-7.23.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in runtime-7.23.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...

CVE-2026-33079

A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service ReDoS, exists in the LINKTITLERE regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to...

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

UBUNTU-CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVE-2026-48700

PCManFM-Qt (all versions starting from 1.1.0) is affected by an issue where passing a regular file’s path as a URI in the org.freedesktop.FileManager1.ShowFolders D-Bus call causes PCManFM-Qt to launch another program based on the file type without user confirmation. This could enable code execut...

CLSA-2026-1779467653 libssh: Fix of 4 CVEs

CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...

CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...