
5375 matches found

RedhatCVE
added 2026/03/26 3:17 p.m., 1 view

CVE-2026-32732

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

5.7 AI score, 0.00327 EPSS
Exploits 0, References 1
OSV
added 2026/03/24 2:40 p.m., 3 views

CLSA-2026-1774363216 vim: Fix of 3 CVEs

- CVE-2026-28420: fix heap-buffer-overflow in :terminal when processing Unicode combining characters from supplementary planes
- CVE-2026-28418: fix OOB read in Emacs tags parsing with overlong tag file
- CVE-2026-28419: fix heap-buffer-underflow in Emacs tags parsing when delimiter appears at...

6.6 CVSS, 5.8 AI score, 0.0022 EPSS
Exploits 0, References 1
OSV
added 2026/03/23 6:14 p.m., 4 views

GO-2026-4770 Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk...

5.8 AI score
Exploits 0, References 3
RedHat Linux
added 2026/03/23 1:32 a.m., 3 views

openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8 function, leads to memory corruption by writing data...

7.4 CVSS, 6 AI score, 0.00444 EPSS
Exploits 1, References 4
Github Security Blog
added 2026/03/20 8:34 p.m., 6 views

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: A logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

5.9 AI score
Exploits 0, References 3, Affected Software 1
OSV
added 2026/03/20 8:34 p.m., 3 views

GHSA-394X-VWMW-CRM3 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: A logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

8.2 CVSS, 5.9 AI score
Exploits 0, References 3
OSV
added 2026/03/20 6:19 p.m., 5 views

CLSA-2026-1773999595 compat-openssl11: Fix of CVE-2025-69419

CVE-2025-69419: Fix heap buffer overflow in PKCS12 Unicode to UTF-8 conversion...

7.4 CVSS, 6 AI score, 0.00444 EPSS
Exploits 1, References 1
OSV
added 2026/03/20 2:25 p.m., 2 views

OESA-2026-1683 glib2 security update

GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A flaw was found in GLib. An integer...

5.4 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits 1, References 2
OSV
added 2026/03/19 12:44 p.m., 5 views

GHSA-Q382-VC8Q-7JHJ Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

The Go SDK recently transitioned to the segmentio/encoding library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with null Unicode characters appended at the end...

8.2 CVSS, 5.8 AI score
Exploits 0, References 4
Github Security Blog
added 2026/03/19 12:44 p.m., 14 views

Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

The Go SDK recently transitioned to the segmentio/encoding library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with null Unicode characters appended at the end...

5.8 AI score
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/03/19 12:30 p.m., 4 views

EUVD-2006-7232

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes. With a :utf8 PerlIO layer, parse_stream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

9.8 CVSS, 6 AI score, 0.00604 EPSS
Exploits 0, References 4
OSV
added 2026/03/19 12:00 p.m., 2 views

RUSTSEC-2026-0044 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

A logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid DNS identifiers, causing NAME_CONSTRAINTS_check_CN to skip validation. However,...

5.8 AI score
Exploits 0, References 3
RustSec
added 2026/03/19 12:00 p.m., 16 views

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

A logic error in CN (Common Name) validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid DNS identifiers, causing NAME_CONSTRAINTS_check_CN to skip validation. However,...

5.8 AI score
Exploits 0, Affected Software 1
Tenable Nessus
added 2026/03/19 12:00 a.m., 4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Vim vulnerabilities (USN-8101-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8101-1 advisory. Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. A...

7.8 CVSS, 6.4 AI score, 0.01162 EPSS
Exploits 1, References 9
Ubuntu
added 2026/03/16 10:15 p.m., 10 views

USN-8101-1: Vim vulnerabilities

Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-25749) It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use thi...

7.8 CVSS, 6 AI score, 0.01162 EPSS
Exploits 1
OSV
added 2026/03/16 10:15 p.m., 4 views

USN-8101-1 vim vulnerabilities

Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-25749) It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use thi...

7.8 CVSS, 6.3 AI score, 0.01162 EPSS
Exploits 1, References 9
EUVD
added 2026/03/16 4:39 p.m., 3 views

EUVD-2026-12181

XSS in @leanprover/unicode-input-component...

5.8 AI score, 0.00327 EPSS
Exploits 0, References 4
vulnersOsv
added 2026/03/16 4:39 p.m., 3 views

lean4monaco (>=1.1.0 <=1.1.7) potentially affected by CVE-2026-32732 via @leanprover/unicode-input-component (=0.1.9)

@leanprover/unicode-input-component NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on @leanprover/unicode-input-component and may be impacted: - lean4monaco =1.1.0, =1.1.7 Source cves: CVE-2026-32732 Source advisory:...

5.8 AI score, 0.00327 EPSS
Exploits 0
OSV
added 2026/03/16 4:39 p.m., 22 views

GHSA-6GGM-PWR9-R5H2 XSS in @leanprover/unicode-input-component

Impact: Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. Patches: The issue has been resolved in 0.2.0. Workarounds: Replace the...

5.7 AI score, 0.00327 EPSS
Exploits 0, References 5
Github Security Blog
added 2026/03/16 4:39 p.m., 23 views

XSS in @leanprover/unicode-input-component

Impact: Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. Patches: The issue has been resolved in 0.2.0. Workarounds: Replace the...

5.7 AI score, 0.00327 EPSS
Exploits 0, References 5, Affected Software 1