27 matches found

Mageia
added 2026/05/14 2:43 a.m. · 9 views

Updated perl-XML-LibXML packages fix security vulnerability

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...

7.5 CVSS · 5.8 AI score · 0.00024 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2026/05/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-45130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound in src/spellfile.c when loading a...

6.6 CVSS · 5.9 AI score · 0.00004 EPSS
Exploits: 1 · References: 3

UbuntuCve
added 2026/05/08 11:16 p.m. · 2 views

CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6 CVSS · 5.9 AI score · 0.00004 EPSS
Exploits: 1 · References: 5

Cvelist
added 2026/05/08 10:42 p.m. · 27 views

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6 CVSS · 0.00004 EPSS
Exploits: 1 · References: 3

EUVD
added 2026/05/08 10:42 p.m. · 4 views

EUVD-2026-28871

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6 CVSS · 5.9 AI score · 0.00004 EPSS
Exploits: 1 · References: 3

Debian CVE
added 2026/05/08 10:42 p.m. · 6 views

CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6 CVSS · 5.9 AI score · 0.00004 EPSS
Exploits: 1

Snyk
added 2025/12/31 1:44 a.m. · 1 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the utf16letoutf8truncated function. An attacker can cause data to be written beyond the end of a buffer by triggering the conversion of Windows error messages containing characters that require 4-byte UTF-8...

1.9 CVSS · 6 AI score · 0.00015 EPSS
Exploits: 0 · References: 2

OSV
added 2025/10/14 3:35 p.m. · 2 views

JLSEC-2025-52 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che...

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

9.8 CVSS · 6.9 AI score · 0.11027 EPSS
Exploits: 0 · References: 20

Rockylinux
added 2025/07/29 1:38 p.m. · 2 views

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF...

8.4 CVSS · 7.7 AI score · 0.00301 EPSS
Exploits: 0

OSV
added 2025/03/01 1:15 p.m. · 1 views

CVE-2025-1788

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the...

7.8 CVSS · 6.7 AI score
Exploits: 0 · References: 7

Positive Technologies
added 2024/05/02 12:0 a.m. · 2 views

PT-2024-40753 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle (affected versions not specified). Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF_8.updatePositions and UTF_8$Encoder.encodeArrayLoop functions...

7 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/22 12:0 a.m. · 1 views

PT-2024-40301 · Packagist · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A security issue exists due to a too loose type check in an API method. This allows attackers to bypass the directory traversal check by providing an invalid UTF-8 encoding sequence...

7 AI score
Exploits: 0 · References: 3

RustSec
added 2024/01/13 12:0 p.m. · 1 views

Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

Affected versions receive a &[u8] from the caller through a safe API, and pass it directly to the unsafe str::from_utf8_unchecked function. The behavior of ferris_says::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...

7 AI score
Exploits: 0 · Affected Software: 1

SUSE CVE
added 2023/02/15 5:30 a.m. · 2 views

SUSE CVE-2014-1558

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559...

4.3 CVSS · 8.4 AI score · 0.00562 EPSS
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 3:27 a.m. · 2 views

SUSE CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

7.5 CVSS · 7.8 AI score · 0.11027 EPSS
Exploits: 0 · References: 75

RedHat Linux
added 2021/03/04 3:24 p.m. · 1 views

JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding...

9.8 CVSS · 7.5 AI score · 0.00727 EPSS
Exploits: 0 · References: 4

CNNVD
added 2021/01/21 12:0 a.m. · 3 views

Eclipse OpenJ9 Buffer Error Vulnerability

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A buffer overflow vulnerability exists in Eclipse OpenJ9 versions prior to 0.23, which stems from a stack-based buffer overflow that can occur when the virtual machine ...

9.8 CVSS · 6.8 AI score · 0.00727 EPSS
Exploits: 0 · References: 73

CNVD
added 2019/12/21 12:0 a.m. · 1 views

Command Execution Vulnerability in WDJA Web Content Management System

WDJA Web Content Management System is an open source PHP CMS whose existing modules can be expanded and cloned, using UTF-8 coding and a technical mode that separates language, code and program. WDJA Web Content Management System has a command execution vulnerability that can be...

7.5 AI score
Exploits: 0

CNVD
added 2019/09/23 12:0 a.m. · 1 views

Backdoor Vulnerability in Central CMS 3.0

Azeus CMS is a CMS made by Azeus Studio and written in UTF-8 coding. A backdoor vulnerability exists in Azeus CMS 3.0, which can be exploited by attackers to gain server privileges...

7.1 AI score
Exploits: 0

RedHat Linux
added 2019/04/24 6:46 p.m. · 2 views

undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)

It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...

6.1 CVSS · 6.6 AI score · 0.01476 EPSS
Exploits: 0 · References: 4