674 matches found

RedhatCVE
added yesterday | 4 views

CVE-2025-61020

A flaw was found in openlink virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements to the sqlo_strip_in_join component. This can lead to a Denial of Service (DoS), making the service unavailable to legitimate users...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 4

OSV
added yesterday | 3 views

UBUNTU-CVE-2025-61020

An issue in the sqlo_strip_in_join component of openlink virtuoso-open...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 2

Cvelist
added 2 days ago | 35 views

CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

CVSS 7.8 | EPSS 0.00525
Exploits: 0 | References: 4

NVD
added 2 days ago | 4 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

CVSS 4.2 | EPSS 0.00149
Exploits: 0 | References: 1

NVD
added 2 days ago | 5 views

CVE-2025-61020

An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | EPSS 0.0035
Exploits: 0 | References: 1

CVE
added 2 days ago | 5 views

CVE-2025-61020

The CVE-2025-61020 entry concerns the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11, where crafted SQL statements can trigger a Denial of Service. Documented impact is DoS; no explicit exploit details or mitigations are provided in the connected sources. The available recor...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 1

Microsoft CVE
added 6 days ago | 5 views

Chromium: CVE-2026-12455 Use after free in Tab Strip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0

AstraLinux
added 6 days ago | 2 views

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, using Tab Strip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...

CVSS 8.8 | AI score 8 | EPSS 0.00788
Exploits: 1 | References: 1

AstraLinux
added 6 days ago | 4 views

Astra Linux – Vulnerability in binutils

In the GNU Binutils before version 2.40, there is a heap-buffer-overflow issue in the error function bfd_getl32 when called from the strip_main function in strip-new, through a specially crafted file...

CVSS 5.5 | AI score 5.9 | EPSS 0.00311
Exploits: 0 | References: 2

AstraLinux
added 6 days ago | 6 views

Astra Linux – Vulnerability in Chromium

In Google Chrome, an out-of-bounds read in the Tab Strip feature was exploited before version 92.0.4515.131. This allowed an attacker to convince a user to install a malicious extension, enabling them to perform an out-of-bounds memory read through a crafted HTML page...

CVSS 8.1 | AI score 6.4 | EPSS 0.01948
Exploits: 1 | References: 1

AstraLinux
added 6 days ago | 3 views

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, using Tab Strip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...

CVSS 8.8 | AI score 8 | EPSS 0.00788
Exploits: 1 | References: 1

AstraLinux
added 6 days ago | 3 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Tab Strip component in Google Chrome prior to version 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

CVSS 9.6 | AI score 8.4 | EPSS 0.01422
Exploits: 1 | References: 1

RedhatCVE
added 6 days ago | 7 views

CVE-2026-12455

A use-after-free flaw was found in the Tab Strip component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517069848...

CVSS 8.8 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 5

SUSE CVE
added 2026/06/18 1:59 a.m. | 7 views

SUSE CVE-2026-12455

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 7.5 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/18 12:00 a.m. | 7 views

Siemens RUGGEDCOM RST2428P Improper Resource Shutdown or Release (CVE-2025-1376)

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The...

CVSS 4.7 | AI score 4.5 | EPSS 0.00287
Exploits: 1 | References: 3

NVD
added 2026/06/17 11:17 p.m. | 7 views

CVE-2026-45617

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in strip_html filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

CVSS 7.5 | EPSS 0.00385
Exploits: 0 | References: 3

NVD
added 2026/06/17 11:17 p.m. | 10 views

CVE-2026-44644

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the strip_html filter logic. The strip_html filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

CVSS 6.1 | EPSS 0.00203
Exploits: 0 | References: 3

Cvelist
added 2026/06/17 9:50 p.m. | 13 views

CVE-2026-44644 LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the strip_html filter logic. The strip_html filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

CVSS 6.1 | EPSS 0.00203
Exploits: 0 | References: 3

EUVD
added 2026/06/17 6:35 p.m. | 9 views

EUVD-2026-37540

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 7.5 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 3

OSV
added 2026/06/17 1:20 p.m. | 3 views

DEBIAN-CVE-2026-12455

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 7.5 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 1