53 matches found
EUVD-2026-12534
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...
CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...
CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...
CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the...
CVE-2026-0708
CVE-2026-0708 (Libucl) describes a denial-of-service in libucl caused by a crafted UCL input containing a key with an embedded null byte. This can trigger a segmentation fault in ucl_object_emit during parsing/emitting, leading to DoS on affected systems. The CVSS base score is 8.3 (HIGH) with ...
libucl security vulnerability
Libucl is a C-language general configuration library parser developed by Vsevolod Stakhov. Libucl has a security vulnerability. This vulnerability arises from the ucl_object_emit function during parsing and emitting UCL inputs containing embedded null-byte keys, which may lead to a denial-of-servic...
Malicious code in notr-ucl-vibni (npm)
Source: amazon-inspector 6736dd98f43e3f0f4cc8e8475582e4ee2d892941b69c7363c9f114088d428ede This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in madrid-ucl-vibni (npm)
Source: amazon-inspector 09eebc2369ad3baa2f9299a968c329091eb03cc3e81ecde8e43fd88015ecd1f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in madrid-ucl-v (npm)
Source: amazon-inspector 0527b191c6c44cd3b4d886b4f2eb29bd8a8251b36514401f864066fe0b0ad7fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in madrid-ucl-vib (npm)
Source: amazon-inspector 25538033c2483cc67c866bf2c555f2d609a632a5f65b97c54d30515a0ff8db47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-31332
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ucl_include_common function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function. Remediation A fix was pushed into the master branch but not y...
CVE-2025-11010 vstakhov libucl ucl_util.c ucl_include_common heap-based overflow
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the...
PT-2025-39631
Name of the Vulnerable Software and Affected Versions libucl versions up to 0.9.2 Description A flaw exists in the ucl_include_common function within the /src/ucl_util.c file. This can lead to a heap-based buffer overflow. Local access is needed for exploitation. The exploit details have been...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ucl_parse_multiline_string function. An attacker with local access can cause a lack of system availability by providing specially crafted input to this function during parsing operations. Remediation A fi...
Debian: Security Advisory (DLA-3991-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3991 : upx-ucl - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3991 advisory. Debian LTS Advisory DLA-3991-1 [email protected] https://www.debian.org/lts/security/...
DLA-3991-1 upx-ucl - security update
Bulletin has no description...
researchlog.grad.ucl.ac.uk Cross Site Scripting vulnerability OBB-3943317
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
superdoc.reso.ucl.ac.be Cross Site Scripting vulnerability OBB-3902287
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...