Skip to main content
CVE-2026-13713 PATCH This Week

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node stored under that name with syck_free_node. That node can still be live on the parser's value stack, so syck_hdlr_add_node reaches it again and frees it a second time. On a normal build the 48-byte node chunk is freed twice and the interpreter aborts. Anchors need no special flags, so this is reached on the default Load path, and a 7-byte document that redefines an anchor triggers it. Any caller that runs Load or LoadFile on an untrusted document that redefines an anchor mid-parse crashes the interpreter, a denial of service.

Denial Of Service Memory Corruption Use After Free Yaml
NVD GitHub
CVE-2026-38158 Awaiting Data

A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements.

SQLi
NVD GitHub
CVE-2026-52724 MEDIUM PATCH GHSA This Month

TLS certificate verification bypass in Kuma's kuma-dp data plane allows an on-path attacker to intercept the dataplane authentication token and inject a forged bootstrap configuration, effectively taking over the proxy. Affected deployments are Universal mode installations where operators start kuma-dp against an HTTPS control plane without supplying a CA certificate via --ca-cert-file or the KUMA_CONTROL_PLANE_CA_CERT environment variable. Standard Kubernetes installations using kumactl or the official Helm chart are not affected because the mutating admission webhook automatically injects the CA certificate. No public exploit or CISA KEV listing is present at time of analysis; patch releases are available across all supported branches.

Code Injection Kubernetes
NVD GitHub
CVE-2026-44909 CRITICAL Act Now

Memory exhaustion and denial-of-service across HTTP/2 server implementations allow remote unauthenticated attackers to crash or severely degrade affected services by intentionally stalling flow control using standard HTTP/2 protocol frames. Researched and reported by the Okta Red Team and coordinated through CERT/CC as VU#885548, this class of vulnerability is tracked across three CVEs (CVE-2026-59762, CVE-2026-59173, CVE-2026-44909) affecting multiple vendor implementations including F5 BIG-IP. By advertising SETTINGS_INITIAL_WINDOW_SIZE=0 and withholding WINDOW_UPDATE frames across many simultaneous streams, an attacker forces vulnerable servers to buffer unbounded response data in memory with no ability to transmit it, leading to OOM kills, swap exhaustion, or connection and worker resource starvation. No public exploit code has been identified and no CISA KEV listing is present at time of analysis.

Apple Denial Of Service Mozilla
NVD
CVE-2026-59173 CRITICAL Act Now

Memory exhaustion denial-of-service affects HTTP/2 server implementations that fail to cap buffered response data under stalled flow-control conditions. A remote unauthenticated attacker opens many simultaneous HTTP/2 streams while advertising SETTINGS_INITIAL_WINDOW_SIZE = 0 or withholding WINDOW_UPDATE frames, forcing the server to accumulate unbounded in-memory response buffers it cannot transmit. Under permissive resource limits this can trigger OOM kills, swap exhaustion, and full system unresponsiveness; under tighter limits, connection and worker pool exhaustion degrades availability for legitimate clients. Reported 2026-07-16 by Okta Red Team and coordinated as CERT VU#885548 covering at least three CVE IDs (CVE-2026-59762, CVE-2026-59173, CVE-2026-44909) across multiple vendor implementations. No public exploit code identified at time of analysis, and CISA KEV listing not confirmed.

Apple Denial Of Service Mozilla
NVD
CVE-2026-50166 MEDIUM PATCH GHSA This Month

TLS certificate verification bypass in Kuma's kumactl CLI tool allows network-adjacent attackers to intercept API tokens via man-in-the-middle attack. When an operator adds an HTTPS control plane profile without supplying --ca-cert-file, kumactl silently disables TLS verification (InsecureSkipVerify=true) and transmits API tokens over the unverified connection. A successful intercept grants the attacker the ability to impersonate the operator and issue privileged commands to the control plane. No public exploit identified at time of analysis; vendor-released patches are available.

Information Disclosure
NVD GitHub
CVE-2026-3031 Monitor

Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project.

Information Disclosure Image
NVD
CVE-2026-57074 PATCH This Week

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read.

Buffer Overflow Information Disclosure Xml
NVD GitHub VulDB
CVE-2026-57073 PATCH This Week

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.

Buffer Overflow Information Disclosure Html
NVD GitHub
CVE-2026-13401 PATCH Monitor

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.

Denial Of Service Xml
NVD GitHub VulDB
CVE-2026-13397 PATCH Monitor

HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.

Denial Of Service Html
NVD GitHub
CVE-2025-45870 Awaiting Data

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion (LFI) in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories.

Authentication Bypass Path Traversal N A
NVD GitHub
CVE-2026-36425 Awaiting Data

An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user can open the device and send process termination requests without privilege validation.

Information Disclosure N A
NVD GitHub
CVE-2025-45868 Awaiting Data

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to blind SQL injection in the ComparisonServlet component, allowing authenticated user to manipulate SQL queries via crafted input.

SQLi N A
NVD GitHub
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy