Search CVE reports

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being...

[Privilege Escalation via Identity Headers in External OAuth2 Tokens]

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote...

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote...

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or...

Integer overflow in g_buffered_input_stream_peek() leads to segmentation fault

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can...

A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.

A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.