Lucene search

19901 matches found

Positive Technologies
added 2026/03/09 12:00 a.m., 4 views

PT-2026-24168

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.1 Description Glances, a cross-platform system monitoring tool, contains a flaw in its TimescaleDB export module. The module builds SQL queries by concatenating strings with unverified system monitoring data. The...

CVSS 9.8, AI score 6.1, EPSS 0.00034
Exploits: 1, References: 17
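The Glances entry above describes the classic pattern of building SQL by concatenating monitoring data into the query text. The following is an added illustration, not Glances' code (the real exporter talks to TimescaleDB through a PostgreSQL client and uses different SQL); it uses Python's sqlite3 so it runs offline, and the table, column names and the hostname payload are constructed:

```python
import sqlite3

# Constructed sample: a "hostname" the attacker controls (for example a spoofed
# value collected by the monitor) that closes the string literal, finishes the
# INSERT, and appends a second statement. The trailing "--" comments out the
# remainder of the original query text.
MALICIOUS_HOST = "x', 0); DELETE FROM cpu; --"


def _fresh_db():
    """In-memory database with one seed row so the damage is observable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cpu (host TEXT, total REAL)")
    conn.execute("INSERT INTO cpu VALUES ('seed', 1.0)")
    conn.commit()
    return conn


def unsafe_insert(conn, host, total):
    """Vulnerable pattern: the monitored value becomes part of the SQL text.
    executescript() accepts several ';'-separated statements, which mirrors
    drivers whose plain execute() does the same (psycopg2 among them)."""
    sql = ("INSERT INTO cpu (host, total) VALUES ('" + host + "', "
           + str(total) + ")")
    conn.executescript(sql)


def safe_insert(conn, host, total):
    """Fixed pattern: values travel as bound parameters, never as SQL text."""
    conn.execute("INSERT INTO cpu (host, total) VALUES (?, ?)",
                 (host, float(total)))
    conn.commit()


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM cpu").fetchone()[0]


def demo_unsafe():
    """Returns the row count after the injected value was exported."""
    conn = _fresh_db()
    unsafe_insert(conn, MALICIOUS_HOST, 95.0)
    return row_count(conn)  # 0: the injected DELETE emptied the table


def demo_safe():
    """Returns (row count, stored hostnames) when parameters are used."""
    conn = _fresh_db()
    safe_insert(conn, MALICIOUS_HOST, 95.0)
    hosts = [r[0] for r in conn.execute("SELECT host FROM cpu ORDER BY host")]
    return row_count(conn), hosts  # (2, ['seed', "x', 0); DELETE FROM cpu; --"])
```

Parameters cover values only; a table or column name derived from input (a metric name used as a column, for instance) cannot be bound and must be checked against a fixed allowlist before it is spliced into the statement.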
Positive Technologies
added 2026/03/09 12:00 a.m., 2 views

PT-2026-24118

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.31.5 Description Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A flaw exists in the server's authorized middleware, which is designed to protect server-side API...

CVSS 9.1, AI score 5.8, EPSS 0.16947
Exploits: 2, References: 12
RedhatCVE
added 2026/03/08 1:44 a.m., 2 views

CVE-2026-30227

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

CVSS 6.9, AI score 5.7, EPSS 0.01341
Exploits: 1, References: 1
RedhatCVE
added 2026/03/08 1:44 a.m., 3 views

CVE-2026-29795

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum MAX. Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns a...

CVSS 7.5, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 1
CNNVD
added 2026/03/08 12:00 a.m., 2 views

UTT HiPER 810G security vulnerability

UTT HiPER 810G is a firewall router produced by UTT Corporation. Versions of UTT HiPER 810G prior to 1.7.7-171114 contain security vulnerabilities caused by unsafe use of the strcpy function in the /goform/formConfigDnsFilterGlobal handler, which could lead to...

CVSS 9.0, AI score 7.5, EPSS 0.00106
Exploits: 1, References: 5
NVD
added 2026/03/06 9:16 p.m., 0 views

CVE-2026-29788

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

CVSS 8.4, EPSS 0.00034
Exploits: 1, References: 2
CVE
added 2026/03/06 9:07 p.m., 9 views

CVE-2026-30227

MimeKit prior to 4.15.1 contains a CRLF injection vulnerability in the SMTP envelope local-part when it is a quoted-string, allowing injection of \r\n into mailbox addresses via MailboxAddress. This can lead to SMTP command injection (e.g., extra RCPT TO/DATA/RSET) and potentially header injecti...

CVSS 6.9, AI score 5.7, EPSS 0.01341
Exploits: 1, References: 1, Affected Software: 1
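Both MimeKit entries above (the RedhatCVE record and this CVE record) describe the same bug class: a quoted-string local part carrying CR/LF splits one envelope command into several. The following is an added Python example, not MimeKit's code (MimeKit is C#); the address and the expected command strings are constructed. It shows the split as a server would see it, and a check that validates the local part against the RFC 5321 quoted-string grammar, which never admits control characters:

```python
import re

# Constructed attacker-controlled mailbox: the quoted local part embeds CRLF
# followed by extra SMTP commands.
INJECTED = '"alice\r\nRCPT TO:<attacker@evil.example>\r\nDATA"@example.com'

_CTL = re.compile(r"[\x00-\x1f\x7f]")  # ASCII control characters, CR and LF included


class SmtpInjectionError(ValueError):
    pass


def rcpt_to_unsafe(address):
    """Vulnerable pattern: the address is spliced into the command unchecked."""
    return "RCPT TO:<" + address + ">\r\n"


def valid_quoted_string(local):
    """RFC 5321 Quoted-string: DQUOTE *QcontentSMTP DQUOTE, where qtextSMTP is
    %d32-33 / %d35-91 / %d93-126 and quoted-pair is a backslash followed by
    %d32-126. Anything below 32 (CR, LF, NUL ...) is therefore rejected."""
    if len(local) < 2 or local[0] != '"' or local[-1] != '"':
        return False
    i, end = 1, len(local) - 1
    while i < end:
        c = ord(local[i])
        if c == 92:  # backslash starts a quoted-pair
            i += 1
            if i >= end or not 32 <= ord(local[i]) <= 126:
                return False
        elif not (c == 32 or c == 33 or 35 <= c <= 91 or 93 <= c <= 126):
            return False
        i += 1
    return True


def rcpt_to_safe(address):
    """Validates local part and domain before building the command."""
    local, sep, domain = address.rpartition("@")
    if not sep or not domain or _CTL.search(domain):
        raise SmtpInjectionError("malformed domain or control character in domain")
    if local.startswith('"'):
        if not valid_quoted_string(local):
            raise SmtpInjectionError("invalid quoted-string local part")
    elif not local or _CTL.search(local):
        raise SmtpInjectionError("control character in local part")
    return "RCPT TO:<" + address + ">\r\n"


def commands_seen_by_server(wire):
    """A server reads one command per CRLF-terminated line."""
    return [line for line in wire.split("\r\n") if line]


def demo():
    """Returns (commands produced by the unsafe builder, verdict of the safe one)."""
    unsafe = commands_seen_by_server(rcpt_to_unsafe(INJECTED))
    try:
        rcpt_to_safe(INJECTED)
        verdict = "accepted"
    except SmtpInjectionError:
        verdict = "rejected"
    return unsafe, verdict
```

The same validation belongs on MAIL FROM and on any header value that is later written with a CRLF terminator; a check that only strips the quotes and looks for "\r\n" misses a bare LF, which many servers also accept as a line break.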
ATTACKERKB
added 2026/03/06 8:42 p.m., 1 view

CVE-2026-29795

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum MAX. Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns a...

CVSS 4.0, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2026/03/06 8:42 p.m., 2 views

CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum MAX. Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns a...

CVSS 4.0, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 4
Github Security Blog
added 2026/03/06 6:39 p.m., 4 views

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Summary: The _findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping (TypeScript: html += ...;). An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...

CVSS 6.1, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/06 6:39 p.m., 2 views

GHSA-5MQ8-78GM-PJMQ defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Summary: The _findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping (TypeScript: html += ...;). An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...

CVSS 5.3, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 4
OSV
added 2026/03/06 4:15 p.m., 3 views

CLSA-2026-1772813746 php: Fix of CVE-2017-9119

CVE-2017-9119: handle memory limit error during string reallocation correctly...

CVSS 9.8, AI score 7.3, EPSS 0.00369
Exploits: 1, References: 1
OSV
added 2026/03/06 3:36 p.m., 4 views

CLSA-2026-1772811390 php: Fix of CVE-2017-9119

CVE-2017-9119: handle memory limit error during string reallocation correctly...

CVSS 9.8, AI score 5.8, EPSS 0.00369
Exploits: 1, References: 1
Mageia
added 2026/03/06 3:01 a.m., 4 views

Updated vim packages fix security vulnerabilities

OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...

CVSS 7.8, AI score 5.9, EPSS 0.00017
Exploits: 0, References: 7
EUVD
added 2026/03/06 2:51 a.m., 3 views

EUVD-2026-9969

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

CVSS 9.3, AI score 6.0, EPSS 0.00245
Exploits: 1, References: 2
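An added model of the bug class in the TinyWeb entry above, written in Python. It is not TinyWeb's code, and the wrap-to-32-bit behaviour of the overflowing conversion is an assumption about the bug class, not a statement about Delphi's Val. The traffic buffer and the body limit are constructed. A parser whose Content-Length conversion wraps treats a huge declared length as a small one, so the bytes that follow the short "body" are parsed as a second, attacker-chosen request; a strict conversion rejects the header before it is used:

```python
MAX_BODY = 1024  # constructed server-side limit on request bodies


def content_length_wrapping(value):
    """Unchecked conversion that silently wraps at 32 bits.
    ASSUMPTION: models the bug class (overflow in the string-to-integer
    routine), not the exact semantics of Delphi's Val."""
    return int(value.strip()) & 0xFFFFFFFF


def content_length_strict(value):
    """Hardened conversion: digits only, range-checked before any use."""
    v = value.strip()
    if not v.isdigit():
        raise ValueError("malformed Content-Length")
    n = int(v)
    if n > MAX_BODY:
        raise ValueError("Content-Length %d exceeds limit %d" % (n, MAX_BODY))
    return n


def split_requests(buf, parse_len):
    """Splits a pipelined byte buffer into (request line, body) pairs the way
    a minimal HTTP/1.1 parser would, using parse_len for Content-Length."""
    requests = []
    while buf:
        head, sep, rest = buf.partition(b"\r\n\r\n")
        if not sep:
            break  # incomplete request: wait for more bytes
        lines = head.split(b"\r\n")
        length = 0
        for line in lines[1:]:
            name, _, val = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = parse_len(val.decode("ascii"))
        requests.append((lines[0], rest[:length]))
        buf = rest[length:]
    return requests


# Constructed attacker traffic. 4294967301 == 2**32 + 5, so a wrapping
# conversion reads the length as 5; "hello" becomes the body and the hidden
# GET is parsed as a second request.
SMUGGLED = (
    b"POST /upload HTTP/1.1\r\nHost: victim.example\r\n"
    b"Content-Length: 4294967301\r\n\r\n"
    b"hello"
    b"GET /admin HTTP/1.1\r\nHost: victim.example\r\n\r\n"
)


def demo_wrapping():
    """Returns the requests the vulnerable parser sees (two, not one)."""
    return split_requests(SMUGGLED, content_length_wrapping)


def demo_strict():
    """Returns 'rejected' when the strict parser refuses the header."""
    try:
        split_requests(SMUGGLED, content_length_strict)
        return "accepted"
    except ValueError:
        return "rejected"
```

The check has to happen on the parsed integer, before it is compared with any limit: a limit comparison done after a wrapping conversion compares the wrapped value and passes.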
Positive Technologies
added 2026/03/06 12:00 a.m., 3 views

PT-2026-23792

Name of the Vulnerable Software and Affected Versions Defuddle versions prior to 0.9.0 Description Defuddle contains a flaw in the findContentBySchemaText method within src/defuddle.ts. This method directly interpolates image src and alt attributes into an HTML string without proper escaping. An...

CVSS 6.1, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 12
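An added Python example (not defuddle's code, which is TypeScript; the payload is constructed) of the attribute-context breakout that the three defuddle entries above describe, beside an escaped version. It goes one step beyond the advisory text by also refusing non-http(s) src URLs, since quoting alone does not stop a javascript: URL placed in src:

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", ""}  # "" covers relative URLs


def img_tag_unsafe(src, alt):
    """Vulnerable pattern: raw interpolation into attribute values."""
    return '<img src="' + src + '" alt="' + alt + '">'


def safe_src(src):
    """Drops URLs whose scheme is not http(s) or relative (e.g. javascript:).
    urlsplit lowercases the scheme; strip() removes leading whitespace that
    browsers ignore but a naive prefix check would not."""
    scheme = urlsplit(src.strip()).scheme.lower()
    return src if scheme in ALLOWED_SCHEMES else ""


def img_tag_safe(src, alt):
    """Escapes both attribute values after filtering the URL scheme.
    quote=True turns '"' into &quot; so the attribute cannot be closed early."""
    return '<img src="%s" alt="%s">' % (
        html.escape(safe_src(src), quote=True),
        html.escape(alt, quote=True),
    )


# Constructed payload: closes the alt attribute and adds an event handler.
PAYLOAD_ALT = '" onerror="alert(1)'


def demo():
    """Returns (unsafe markup, safe markup) for the same attacker-controlled alt."""
    return img_tag_unsafe("x.png", PAYLOAD_ALT), img_tag_safe("x.png", PAYLOAD_ALT)
```

Escaping is context-specific: html.escape is right for a double-quoted attribute value and for text nodes, but not for a value that lands inside a script block, a URL query component or an unquoted attribute, each of which needs its own encoder.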
CNNVD
added 2026/03/06 12:00 a.m., 2 views

stellar-xdr security vulnerability

stellar-xdr is an open-source data format processing library developed by Stellar. Versions of stellar-xdr prior to 25.0.1 contain security vulnerabilities stemming from StringM::from_str not verifying that the input length is within the declared maximum value, allowing fo...

CVSS 7.5, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 5
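An added Python model (not stellar-xdr's code, which is Rust; the class and method names are mine, patterned on the description in the stellar-xdr entries above) of a bounded string whose from_str skips the maximum-length check, next to a fixed version that funnels every constructor through the one validated path. The XDR string encoding follows RFC 4506 (big-endian 4-byte length, body padded to a multiple of 4), and a bounded decoder shows why an over-long value matters: it serializes without complaint but is rejected by any peer that enforces the declared maximum:

```python
import struct


def xdr_encode_string(data):
    """RFC 4506 string: big-endian u32 length, the bytes, zero padding to 4."""
    pad = (-len(data)) % 4
    return struct.pack(">I", len(data)) + data + b"\x00" * pad


def xdr_decode_string(buf, max_len):
    """Bounded decoder, as a conforming peer implements it."""
    (n,) = struct.unpack(">I", buf[:4])
    if n > max_len:
        raise ValueError("declared length %d exceeds maximum %d" % (n, max_len))
    body = buf[4:4 + n]
    if len(body) != n:
        raise ValueError("truncated string")
    return body


class BoundedStringBuggy:
    """Models the pre-fix behaviour: from_bytes checks the bound, from_str does not."""

    def __init__(self, data, max_len):
        self.data = data
        self.max_len = max_len

    @classmethod
    def from_bytes(cls, data, max_len):
        if len(data) > max_len:
            raise ValueError("length %d exceeds maximum %d" % (len(data), max_len))
        return cls(data, max_len)

    @classmethod
    def from_str(cls, s, max_len):
        return cls(s.encode("utf-8"), max_len)  # BUG: bypasses the length check

    def to_xdr(self):
        return xdr_encode_string(self.data)


class BoundedStringFixed(BoundedStringBuggy):
    """Every constructor goes through the single validated path."""

    @classmethod
    def from_str(cls, s, max_len):
        return cls.from_bytes(s.encode("utf-8"), max_len)


def demo(max_len=4, text="toolong"):
    """Returns (bytes held by the buggy value, peer decode verdict, fixed verdict)."""
    buggy = BoundedStringBuggy.from_str(text, max_len)  # 7 bytes in a 4-byte type
    try:
        xdr_decode_string(buggy.to_xdr(), max_len)
        peer = "accepted"
    except ValueError:
        peer = "rejected"
    try:
        BoundedStringFixed.from_str(text, max_len)
        fixed = "constructed"
    except ValueError:
        fixed = "rejected"
    return len(buggy.data), peer, fixed
```

The length that matters is the byte length after encoding, not the character count: a four-character string of multi-byte UTF-8 can exceed a four-byte bound.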
RedHat Linux
added 2026/03/05 4:42 p.m., 2 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS 7.5, AI score 7.1, EPSS 0.00019
Exploits: 2, References: 8
NVD
added 2026/03/05 4:16 p.m., 4 views

CVE-2026-30785

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') and Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client (RustDesk Client: rustdesk, hbbcommon) on Windows, macOS and Linux, affecting the password security module, config encryption, machine U...

CVSS 8.2, EPSS 0.00006
Exploits: 1, References: 4
RedHat Linux
added 2026/03/05 4:08 p.m., 2 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS 7.5, AI score 7.1, EPSS 0.00019
Exploits: 2, References: 8