Lucene search

3644 matches found

Cvelist
added 8 hours ago | 4 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS 4.9
Exploits: 0 | References: 1

Debian CVE
added 8 hours ago | 2 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS 4.9 | AI score 5.8
Exploits: 0

RedHat Linux
added yesterday | 5 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 2

AlmaLinux
added yesterday | 4 views

Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 4

Oracle linux
added yesterday | 3 views

expat security update

2.5.0-2 - Fix CVE-2026-45186 - Resolves: RHEL-177979...

CVSS 7.5 | AI score 5.8 | EPSS 0.00011
Exploits: 1

Photon
added yesterday | 2 views

Critical Photon OS Security Update - PHSA-2026-5.0-0862

Updates of 'unbound', 'wireshark', 'python3-pip', 'expat', 'python3' packages of Photon OS have been released...

CVSS 10 | AI score 5.8 | EPSS 0.00322
Exploits: 2

OSV
added yesterday | 2 views

ALSA-2026:22721 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 4

Tenable Nessus
added yesterday | 1 view

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

CVSS 9.1 | AI score 6.2 | EPSS 0.00205
Exploits: 1 | References: 25

RedhatCVE
added 2 days ago | 5 views

CVE-2026-7210

A flaw was found in the python and expat components. Insufficient entropy in the hash-flooding protection mechanism of xml.parsers.expat and xml.etree.ElementTree allows a remote attacker to craft a malicious XML document. This crafted document can trigger a hash flooding attack, leading to a...

CVSS 9.8 | AI score 5.7 | EPSS 0.00062
Exploits: 0 | References: 6

Tenable Nessus
added 3 days ago | 4 views

Ubuntu 16.04 LTS : CableSwig vulnerabilities (USN-8316-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8316-1 advisory. It was discovered that Expat, vendored in CableSwig, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or...

CVSS 9.8 | AI score 7.1 | EPSS 0.11027
Exploits: 0 | References: 3

SUSE CVE
added 5 days ago | 6 views

SUSE CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVSS 6.9 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 3

Rockylinux
added 6 days ago | 7 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

CVSS 9.1 | AI score 7.5 | EPSS 0.00205
Exploits: 1

OSV
added 6 days ago | 5 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

CVSS 7.5 | AI score 5.7 | EPSS 0.00011
Exploits: 1 | References: 2

OSV
added 6 days ago | 5 views

OESA-2026-2499 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

CVSS 7.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 2

OSV
added 6 days ago | 4 views

OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

CVSS 7.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 2

Tenable Nessus
added 6 days ago | 6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : XML-RPC for C and C++ vulnerabilities (USN-8313-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8313-1 advisory. It was discovered that Expat, vendored in XML-RPC, incorrectly handled certain files. An...

CVSS 9.8 | AI score 7.1 | EPSS 0.11027
Exploits: 0 | References: 3

Tenable Nessus
added 6 days ago | 5 views

Ubuntu 16.04 LTS : Ayttm vulnerabilities (USN-8314-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8314-1 advisory. It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute...

CVSS 9.8 | AI score 7.1 | EPSS 0.11027
Exploits: 0 | References: 3

OSV
added last week | 4 views

DEBIAN-CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVSS 6.9 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 1

Cvelist
added last week | 23 views

CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVSS 6.9 | EPSS 0.00064
Exploits: 0 | References: 7

EUVD
added last week | 6 views

EUVD-2026-33006

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVSS 6.9 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 7