2026-03-20 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2006-10002 | TODDR - XML::Parser | XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer, causing heap corruption (double free or corruption) and crashes. With a :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl’s read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes. | CNA n/a CVSS3.1: 9.8 - CRITICAL | 0 1 2 | Exploitation: none; Automatable: yes; Technical Impact: total | XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes | github |
| CVE-2024-42210 | HCLSoftware - Unica Marketing Operations (Plan) | A stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. | CVSS3.1: 7.6 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: total | HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability | github |
This post is licensed under CC BY 4.0 by the author.