EUVD-2026-1139

Malicious code in oj-sp-common-strings npm...

Malicious Package

Overview oj-sp-common-strings is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

PT-2026-26102

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.6 through 6.14 Description The Linux kernel contains an issue where the xchk xfile descr macros utilize kasprintf, which may fail to allocate memory if the resulting formatted string exceeds a certain length. This can...

PT-2026-28095

Name of the Vulnerable Software and Affected Versions V8 versions 20.x through 25.x Description A flaw exists in V8's string hashing mechanism where integer-like strings are hashed to their numeric value, leading to predictable hash collisions. An attacker can exploit this by crafting requests th...

PT-2026-24124

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-16 ImageMagick versions prior to 6.9.13-41 Description ImageMagick is software used for editing and manipulating digital images. A stack buffer overflow exists in the morphology kernel parsing functions...

PT-2026-4919

Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in GLib related to its Unicode case conversion implementation. An integer overflow can lead to memory corruption when processing specially crafted, large Unicode strings. This...

SUSE CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...

EUVD-2023-60389

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...

CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...

UBUNTU-CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmisetting was not freed. This commit also renames it to avoid confusion...

CVE-2023-54252

CVE-2023-54252 refers to a Linux kernel issue in the x86 ThinkStation WMI handling (platform/x86: think-lmi). The root cause is a memory leak where the tlmi_setting item allocated during WMI string parsing was not freed, with an accompanying renaming to avoid confusion with a similarly named vari...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not freeing memory when parsing WMI strings, which could lead to a memory leak...

CLSA-2025-1767000167 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checks to prevent crashes and improperly escaped data when PostgreSQL rejects invalid strings...

SUSE CVE-2025-10543

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...

EUVD-2021-34746

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

DreamFactory Core 操作系统命令注入漏洞

DreamFactory Core is an open source DreamFactory core service from DreamFactory Software. DreamFactory Core suffers from an operating system command injection vulnerability that stems from a lack of validation of user-supplied strings in the implementation of the saveZipFile method, which could...

CVE-2021-47713

Affected software: Hasura GraphQL Engine, version 1.3.3. Vulnerability: Denial-of-service via crafted GraphQL queries with excessively nested fields, enabling an attacker to use long query strings and multi-threaded requests to exhaust server resources and potentially crash the GraphQL endpoint. ...

CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...