Lucene search
K

1017 matches found

UbuntuCve
UbuntuCve
added 2026/04/24 5:16 p.m.7 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/24 4:45 p.m.5 views

EUVD-2026-25572

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.2AI score0.00324EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/24 4:45 p.m.7 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.3AI score0.00324EPSS
Exploits1
Snyk
Snyk
added 2026/04/22 8:17 p.m.11 views

XML Injection

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the createProcessingInstruction function. An attacker can inject arbitrary XML nodes into the serialized output...

8.7CVSS5.7AI score0.00408EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/22 7:1 a.m.8 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

9.8CVSS6AI score0.00604EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

OpenRemote 代码问题漏洞

OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.0 contained code vulnerabilities. These vulnerabilities stemmed from the XML parsing process during asset import in Velbus, where the XML external entities were not properly secured. This allow...

7.6CVSS5.9AI score0.00249EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34615

Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions prior to 0.6.0 Description The software allows attacker-controlled comment content to be serialized into XML without validating or neutralizing...

8.7CVSS5.9AI score0.00365EPSS
Exploits0References24
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-21999

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction...

5.3CVSS0.00243EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 8:35 a.m.5 views

SUSE-SU-2026:21263-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-12748: Denial of service in XML parsing bsc1253278. - CVE-2025-13193: Information disclosure via world-readable VM snapshots bsc1253703...

5.5CVSS6AI score0.00204EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/04/18 8:1 a.m.3 views

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

...

7.5CVSS5.8AI score0.00379EPSS
Exploits0
OSV
OSV
added 2026/04/17 1:0 p.m.16 views

OESA-2026-1920 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.5CVSS6.7AI score0.00566EPSS
Exploits0References9
CVE
CVE
added 2026/04/17 10:45 a.m.8 views

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, with ACLs configured incorrectly. This can allow an attacker to communicate with the stream and upload XML or JSON files, which are processed by the named pipe under the service user’s privileges,...

6.9CVSS5.7AI score0.00426EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/16 10:26 p.m.7 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/16 6:31 p.m.3 views

Insufficient Entropy

Overview Affected versions of this package are vulnerable to Insufficient Entropy due to insufficient randomness in the hash seed generation process. An attacker can cause excessive CPU consumption by submitting specially crafted XML documents that trigger hash collisions. Remediation Upgrade exp...

8.7CVSS5.8AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 4:52 p.m.44 views

CVE-2026-41080

CVE-2026-41080 affects libexpat prior to 2.7.6, where insufficient entropy in the hash function allows hash flooding when processing crafted XML documents. The CVE is broadly referenced across OSV, Debian, Red Hat, and Ubuntu entries, with the core impact described as a potential DoS due to resou...

7.5CVSS5.1AI score0.00379EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 4:52 p.m.7 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.1AI score0.00379EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/16 2:48 p.m.8 views

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

7.5CVSS6.2AI score0.02142EPSS
Exploits0References4
CVE
CVE
added 2026/04/16 4:45 a.m.20 views

CVE-2026-22615

CVE-2026-22615 affects Eaton Intelligent Power Protector (IPP) XML parsing due to improper input validation. An attacker with admin privileges and local access can inject malicious code causing arbitrary command execution. The issue is fixed in the latest Eaton IPP software version available from...

7.2CVSS5.9AI score0.00342EPSS
Exploits0References1Affected Software1
Rockylinux
Rockylinux
added 2026/04/15 12:7 p.m.15 views

perl-XML-Parser security update

An update is available for perl-XML-Parser. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module provides ways to parse XML documents. It is built on top...

9.8CVSS5.8AI score0.00604EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/15 12:4 p.m.11 views

Security update for python36

This update for python36 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete contro...

8.2CVSS5.9AI score0.00621EPSS
Exploits0References20
Rows per page
Query Builder