PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the fact that under 802.1X mode, if there are devices supporting EAPOL in the back-end VLAN,...

GHSA-M88R-RG27-5XFG Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

Security Advisory 0140

Security Advisory 0140 PDF Date: June 3, 2026 Revision | Date | Changes ---|---|--- 1.0 | June 3, 2026 | Initial release The CVE-ID tracking this issue: CVE-2026-10040 CVSSv3.1 Base Score: 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSSv4.0 Base Score: 6.8...

ALSA-2026:22715 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

PT-2026-46696

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the execution of arbitrary scripts ...

PT-2026-46723

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue in the XML component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted XML file. Type confusion occurs...

Windows Scheduled Task Persistence Using S4U Authentication

This Python script defines a class called S4UPersistence that automates the creation of a Windows Scheduled Task to repeatedly execute an executable payload. It generates a Task Scheduler XML configuration and uses the S4U logon type, allowing the task to run without requiring an interactive...

Chromium: CVE-2026-9966 Integer overflow in XML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-33089

Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-9947

An use after free flaw was found in the XML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503627446...

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

PT-2026-44399

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.1 Description An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements. Recommendations Update to version...

Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

Description symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...

UBUNTU-CVE-2026-45952

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...

UBUNTU-CVE-2026-45851

In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserveunaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the size of the table, but fails to account for...

CVE-2026-45851

In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserveunaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the size of the table, but fails to account for...

CVE-2026-45851

efi: Fix reservation of unaccepted memory table...