
45 matches found

Positive Technologies
added 2026/06/15 12:0 a.m., 10 views

PT-2026-49555

Name of the Vulnerable Software and Affected Versions: markdown-it (affected versions not specified). Description: A quadratic time complexity issue exists in the smartquotes rule when the typographer: true option is enabled. An attacker can provide markdown input containing a large number of...

CVSS 5.3 | AI score 5.2 | EPSS 0.00252
Exploits: 0 | References: 5

Tenable Nessus
added 2026/06/10 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-7383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy can lead to a heap buffer overflow. Impact...

CVSS 8.1 | AI score 6.7 | EPSS 0.00358
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/03 10:1 a.m., 13 views

CVE-2025-59605

Memory Corruption when processing device identifier strings that exceed the expected maximum length...

CVSS 7.8 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 1

EUVD
added 2026/06/02 12:31 a.m., 9 views

EUVD-2025-210020

Memory Corruption when processing device identifier strings that exceed the expected maximum length...

CVSS 7.8 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : openssl-1.1.1k-5.el8 (AXSA:2021-2837:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2837:06 advisory. openssl: Read buffer overruns processing ASN.1 strings CVE-2021-3712 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 7.4 | AI score 6.8 | EPSS 0.50445
Exploits: 0 | References: 2

OSV
added 2025/12/13 4:45 a.m., 3 views

MGASA-2025-0326 Updated golang packages fix security vulnerabilities

Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. CVE-2025-61727 Excessive resource consumption when printing error string for host certificate validation in crypto/x509. CVE-2025-61729...

CVSS 7.5 | AI score 6.8 | EPSS 0.00451
Exploits: 2 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1960

Malware in sbrugna...

CVSS 5.3 | AI score 6.3 | EPSS 0.01927
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-3132

Malware in sbrugna...

CVSS 7.5 | AI score 7 | EPSS 0.04493
Exploits: 3 | References: 41

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-34841

Malicious code in bioql PyPI...

CVSS 2.9 | AI score 6.6 | EPSS 0.0013
Exploits: 0 | References: 3

BDU FSTEC
added 2025/04/30 12:0 a.m., 6 views

The vulnerability of the Jinja HTML templating engine’s compiler allows attackers to bypass the sandbox’s security mechanisms, execute arbitrary code or cause a service failure.

The vulnerability of the Jinja HTML templating engine compiler is related to its failure to properly handle special control elements during f-string processing. Exploiting this vulnerability allows an attacker to bypass the sandbox’s security mechanisms, execute arbitrary code, or cause service...

CVSS 7.3 | AI score 6.8 | EPSS 0.00979
Exploits: 0 | References: 10 | Affected Software: 5

OSV
added 2025/03/06 7:15 p.m., 13 views

CVE-2025-26699

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 5

Vulnrichment
added 2025/01/06 12:0 a.m., 8 views

CVE-2024-56828

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...

AI score 9.5 | EPSS 0.0085
Exploits: 1 | References: 3

CVE
added 2025/01/06 12:0 a.m., 90 views

CVE-2024-56828

CVE-2024-56828 affects ChestnutCMS up to 1.5.0. The /api/member/avatar endpoint accepts a base64 data URL, decodes the payload via the service’s uploadAvatarByBase64, and derives a file suffix from the encoded content (substring from the 11th character to the first semicolon). The decoded data is...

CVSS 9.8 | AI score 7.3 | EPSS 0.0085
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2024/10/03 12:0 a.m., 4 views

DrayTek Vigor 3910 Security Vulnerability

The DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version 4.3.2.6 and prior versions, which is caused by a stack-based overflow when processing query string parameters...

CVSS 8 | AI score 7.1 | EPSS 0.01407
Exploits: 1 | References: 3

Veracode
added 2024/02/08 7:42 a.m., 34 views

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient string processing within the intcomma template filter when a long string is parsed. This issue can be exploited by an attacker to cause DoS...

CVSS 7.5 | AI score 6.5 | EPSS 0.01606
Exploits: 0 | References: 10 | Affected Software: 1

IBM Security Bulletins
added 2023/03/30 8:16 p.m., 28 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)

Summary Db2 Web Query uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability with a fix a...

CVSS 6.5 | AI score 5.5 | EPSS 0.00638
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2023/03/30 8:1 p.m., 57 views

Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).

Summary IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...

CVSS 6.5 | AI score 5.6 | EPSS 0.00638
Exploits: 0 | Affected Software: 4

F5 Networks
added 2023/02/21 7:32 p.m., 29 views

K5794: Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...

CVSS 4.6 | AI score 9.6 | EPSS 0.01374
Exploits: 2

OSV
added 2021/09/02 5:15 p.m., 30 views

GHSA-38FC-WPQX-33J7 Uncontrolled Resource Consumption in trim-off-newlines

All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing...

CVSS 5.3 | AI score 5.5 | EPSS 0.01927
Exploits: 1 | References: 6

Github Security Blog
added 2021/09/02 5:15 p.m., 106 views

Uncontrolled Resource Consumption in trim-off-newlines

All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing...

CVSS 5.3 | AI score 5.7 | EPSS 0.01927
Exploits: 1 | References: 6 | Affected Software: 1