CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

CVE-2026-44666

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: guestmemfd: Remove bindings on memslot deletion when gmem is dying When unbinding a memslot from a guestmemfd instance, remove the bindings even if the guestmemfd file is dying, i.e., even if its file refcount has gone to...

DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013535 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sglsgenr KASAN reported this Bug: 17619.659757 BU...

EUVD-2026-5443

In the Linux kernel, the following vulnerability has been resolved: bonding: limit BONDMODE8023AD to Ethernet devices BONDMODE8023AD makes sense for ARPHRDETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in hwaddrcreate net/core/devaddrlists.c:63 inline BUG: KASAN: global-out-of-boun...

UBUNTU-CVE-2022-50746

In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - mpa == 0 ...

EUVD-2025-150385

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error-ETIMEDOUT in lan78xxreadraweeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 unnamed netdevice uninitialized: EEPROM read...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989239 advisory. In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fix global-out-of-bounds in tmcupdateetfbuffer commit 6f755e85c332 coresight:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-391262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-391262 advisory. In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtpdevxmit syzbot/KMSAN reported use of uninit-value in getdevxmit 1...

GHSA-QHWP-454G-2GV4 Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Descripton The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

Linux Distros Unpatched Vulnerability : CVE-2025-21891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1...

kernel: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in sesintfremove+0x23f/0x270 ses Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev-components is zero, accessing...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a KASAN-reported slab-out-of-bounds error in the platform/x86:ISST subsystem for SST PCI devices...

mariadb: server crash in JOIN_CACHE::free or in copy_fields

MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

PT-2025-49663

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the ses enclosure data process function. This issue involves a slab-out-of-bounds read condition, potentially...

UBUNTU-CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

...

grok:grk_decompress_fuzzer: Use-of-uninitialized-value in ojph::local::mel_get_run

Detailed Report: https://oss-fuzz.com/testcase?key=6293861268979712 Project: grok Fuzzing Engine: libFuzzer Fuzz Target: grkdecompressfuzzer Job Type: libfuzzermsangrok Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: ojph::local::melgetrun...