10 matches found
PT-2026-42173
Name of the Vulnerable Software and Affected Versions: Twig (affected versions not specified). Description: The Compiler::string function fails to escape single quotes when generating PHP double-quoted string literals. In ModuleNode::compileConstructor, template names from a {% use %} tag are processed...
Important: ecs-service-connect-agent
Issue Overview: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead o...
Moderate: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
SUSE-SU-2025:4504-1 Security update for glib2
This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO escape_byte_string function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser...
Fedora 43 : gi-docgen (2025-86cf4f2eed)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-86cf4f2eed advisory. gi-docgen 2025.5 - 2025-10-11 This is a security fix for CVE-2025-11687. The severity of this issue depends on what else is hosted on the same domain as the...
Fedora 42 : gi-docgen (2025-b4184a589e)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b4184a589e advisory. gi-docgen 2025.5 - 2025-10-11 This is a security fix for CVE-2025-11687. The severity of this issue depends on what else is hosted on the same domain as the...
Nintendo: [Xenoblade Chronicles X: Definitive Edition] Buffer overflow in string escape function, multiplayer DoS
A buffer overflow vulnerability was discovered in the string escape function of Xenoblade Chronicles X: Definitive Edition, which could have led to a denial-of-service (DoS) issue in the game's multiplayer mode...
SQL injection
Unspecified vulnerability in StatusNet through 2010 due to the way addslashes is used in SQL string escapes...
CVE-2018-10102
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag...
Cross-site Scripting (XSS)
r18n is vulnerable to cross-site scripting (XSS) attacks. If the html_safe method is not defined in an environment, the html_safe? method will return true even though the string is not escaped...