EUVD-2026-33986

React Router has stored XSS via unescaped Location header in prerendered redirect HTML...

React Router has stored XSS via unescaped Location header in prerendered redirect HTML

When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...

PT-2026-46095

When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...

Astra Linux - уязвимость в openssl

Issue Summary: Generating excessively long X9.42 DH keys or checking overly long X9.42 DH keys or parameters can be very slow. Applications that use functions like DHgeneratekey to generate an X9.42 DH key may experience prolonged delays. Similarly, applications that use DHcheckpubkey,...

Astra Linux - уязвимость в openssl

Issue summary: Checking excessively long DH keys or parameters can be very slow. Applications that use functions such as DHcheck, DHcheckex, or EVPPKEYparamcheck to check DH keys or parameters may experience prolonged delays. If the key or parameters are obtained from an untrusted source, this ca...

Astra Linux - уязвимость в dpkg

In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...

CVE-2026-41134 Kiota: Code Generation Literal Injection

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

EUVD-2026-25094

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

Kiota: Code Generation Literal Injection

CVE Advisory CVE-2026-41134: Code Generation Literal Injection in Kiota Summary Kiota versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template...

CVE-2026-3548

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the CRL number parsing process. An attacker can cause memory corruption or execute arbitrary code by providing a specially crafted CRL with a maliciously sized CRL number. This is only exploitable if CRL support ...

EUVD-2026-13150

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

CVE-2026-3548

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

CVE-2026-3548

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

CVE-2026-3548

Two concrete vulnerabilities affect the wolfSSL CRL parser: heap-based and stack-based buffer overflows when parsing CRL numbers, triggered by crafted CRLs and only in builds with CRL support enabled. The issue stems from storing the CRL number as a hexadecimal string, enabling out-of-bounds writ...

CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

OpenClaw Access Control Error Vulnerability (CNVD-2026-14390)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from a browser-initiated WebSocket connection that can bypass origin authentication under certain configurations, which can be exploited by an attacker ...

SUSE-SU-2026:0579-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection bsc1257440. - CVE-2026-1761: Check length of bytes read in soupfilterinputstreamreaduntil to avoid a stack-based buffer overflow...

Ubuntu: Security Advisory (USN-8011-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...