CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в expat, firefox, thunderbird

In libexpat before version 2.7.4, the doContent function does not properly determine the buffer size bufSize, as there is no check for integer overflow during the reallocation of the tag buffer...

7.8CVSS7AI score0.00007EPSS

OSV•added 2026/05/01 5:50 p.m.•2 views

JLSEC-2026-380

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...

7.8CVSS7AI score0.00007EPSS

OSV•added 2026/04/17 5:30 p.m.•4 views

CLSA-2026-1773928447 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix integer overflow in tag buffer reallocation in doContent function...

OSV•added 2026/03/23 2:52 p.m.•3 views

CLSA-2026-1774021165 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix memory corruption via integer overflow in doContent function during tag buffer reallocation...

7.8CVSS7.5AI score0.00007EPSS

CloudLinux•added 2026/03/23 2:52 p.m.•3 views

expat: Fix of CVE-2026-25210

CVE-2026-25210: fix memory corruption via integer overflow in doContent function during tag buffer reallocation...

7.8CVSS6AI score0.00007EPSS

Exploits0

OSV•added 2026/03/20 3:43 p.m.•2 views

CLSA-2026-1774021417 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix memory corruption via integer overflow in doContent function during tag buffer reallocation...

OSV•added 2026/03/20 11:40 a.m.•3 views

CLSA-2026-1774006814 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix integer overflow in tag buffer reallocation in doContent...

7.8CVSS7.5AI score0.00007EPSS

OSV•added 2026/03/19 1:49 p.m.•2 views

CLSA-2026-1773928179 expat: Fix of CVE-2026-25210

Fix CVE-2026-25210: integer overflow in doContent tag buffer reallocation...

OSV•added 2026/03/19 1:33 p.m.•2 views

CLSA-2026-1773927217 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix integer overflow in tag buffer reallocation in doContent function...

7.8CVSS7.5AI score0.00007EPSS

OSV•added 2026/03/19 1:20 p.m.•3 views

CLSA-2026-1773926416 expat: Fix of CVE-2026-25210

CVE-2026-25210: fix integer overflow in tag buffer reallocation in doContent function...

7.8CVSS6AI score0.00007EPSS

OSV•added 2026/03/19 12:47 p.m.•4 views

CLSA-2026-1773924425 expat: Fix of CVE-2026-25210

Fix CVE-2026-25210: integer overflow in doContent tag buffer reallocation...

Tenable Nessus•added 2026/03/06 12:0 a.m.•2 views

openSUSE 15 Security Update : expat (SUSE-SU-2026:0826-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0826-1 advisory. - CVE-2026-24515: Fixed a null dereference in XMLExternalEntityParserCreate. bsc1257144 - CVE-2026-25210: Fixed an integer overflow in doContent...

7.8CVSS6.9AI score0.00007EPSS

Exploits0References7

OSV•added 2026/03/05 3:16 p.m.•1 views

SUSE-SU-2026:0826-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XMLExternalEntityParserCreate. bsc1257144 - CVE-2026-25210: Fixed an integer overflow in doContent. bsc1257496...

7.8CVSS5.8AI score0.00007EPSS

Exploits0References5

OSV•added 2026/02/25 4:30 p.m.•3 views

SUSE-SU-2026:0647-1 Security update for expat

7.8CVSS5.5AI score0.00007EPSS

Exploits0References5

SUSE Linux•added 2026/02/25 4:29 p.m.•1 views

Security update for expat

This update for expat fixes the following issues: CVE-2026-24515: Fixed a null dereference in XMLExternalEntityParserCreate. bsc1257144 CVE-2026-25210: Fixed an integer overflow in doContent. bsc1257496 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

7.3CVSS5.5AI score0.00007EPSS

Exploits0References8

OSV•added 2026/02/25 4:29 p.m.•2 views

SUSE-SU-2026:0646-1 Security update for expat

7.8CVSS5.5AI score0.00007EPSS

Exploits0References5

Amazon•added 2026/02/19 12:0 a.m.•10 views

Medium: thunderbird

Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...

7.8CVSS6AI score0.00089EPSS

Exploits6

OSV•added 2026/02/06 3:54 p.m.•2 views

OESA-2026-1295 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no...

7.8CVSS5.7AI score0.00007EPSS