22 matches found
OESA-2026-2301 uriparser security update
The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...
CVE-2026-8292
A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument hnrf-uri leads to denial of service. The attack may be performed from remote. The exploit has...
Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754
Summary: Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser. Vulnerability Details: CVEID: CVE-2025-58754. DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service (CVE-2025-58754)
Summary: A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...
CVE-2019-16657
TuziCMS 2.0.6 has XSS via the PATHINFO to a group URI, as demonstrated by index.php/article/group/id/2/...
EUVD-2004-2003
Malware in sbrugna...
EUVD-2018-3160
Malware in sbrugna...
EUVD-2018-11022
Malware in sbrugna...
EUVD-2020-23318
Malware in sbrugna...
EUVD-2020-7470
Malware in sbrugna...
EUVD-2023-1353
Malicious code in bioql PyPI...
CVE-2024-50353
ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than...
Moderate: xdg-utils security update
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop. Security Fixes: xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments (CVE-2022-4055). For more details about the security issues...
CVE-2025-4143 Missing validation of redirect_uri on authorize endpoint
The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: ...
CVE-2025-29914
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on a URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza, REQUEST_FILENAME will be...
GHSA-6FX8-H7JM-663J parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. PoC js async function exploit const parseuri = require"parse-uri"; // This input is designed to cause excessive backtracking in the regex const craftedInput = 'http://example.com...
PT-2025-2692
Name of the Vulnerable Software and Affected Versions: Google Go versions up to 1.22.10/1.23.4. Description: A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not...
CVE-2024-36751
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL...
USN-6414-2 python-django vulnerabilities
USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...
SUSE CVE-2013-4547
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...