153 matches found
Ubuntu 16.04 LTS : ITK vulnerabilities (USN-8235-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8235-1 advisory. It was discovered that Expat, vendored in ITK, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute...
Unity Linux 20.1070e Security Update: expat (UTSA-2026-017379)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017379 advisory. xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Tenable has extracted the preceding...
USN-8235-1: ITK vulnerabilities
It was discovered that Expat, vendored in ITK, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2022-25235, CVE-2022-25236...
Linux Distros Unpatched Vulnerability : CVE-2026-25236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
MiracleLinux 7 : firefox-91.7.0-3.0.1.el7.AXS7 (AXSA:2022-3096:07)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3096:07 advisory. Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485); Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486); expat: Malformed ...
MiracleLinux 8 : thunderbird-91.7.0-2.el8.ML.1 (AXSA:2022-3104:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3104:04 advisory. Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485); Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486); expat: Malformed ...
CVE-2019-25236
creationtimestamp | type | source
---|---|---
2025-12-24 20:55:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mar5jzo6uj2a
2025-12-24 21:43:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3maraayjehi2q
2026-01-05 16:34:14+00:00 | seen | ...
CVE-2019-25236 iSeeQ Hybrid DVR WH-H4 1.03R Unauthenticated Live Stream Disclosure
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...
Omnissa Workspace ONE UEM 24.2.x < 24.2.0.36 / 24.6.x < 24.6.0.44 / 24.10.x < 24.10.0.25 (OMSA-2025-0005)
The version of Omnissa Workspace ONE UEM installed on the remote host is prior to 24.2.0.36, 24.6.0.44, or 24.10.0.25. It is, therefore, affected by a vulnerability as referenced in the omsa-2025-0005 advisory. - Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability....
Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2022-25236)
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2025-25236
creationtimestamp | type | source
---|---|---
2025-11-12 18:20:54+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5hbdk7fjn22...
CVE-2025-25236
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...
CVE-2021-25236
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep...
Alibaba Cloud Linux 3 : 0021: expat (ALINUX3-SA-2022:0021)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-45960: In Expat aka libexpat befo...
Linux Distros Unpatched Vulnerability : CVE-2022-25236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. CVE-2022-25236 Note that Nessus...
openSUSE Security Advisory (SUSE-SU-2024:0782-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : python311 (SUSE-SU-2024:0782-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0782-2 advisory. - xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
openSUSE Security Advisory (SUSE-SU-2024:0784-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2024:0782-1)
The remote host is missing an update for the...