CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

110 matches found

Medium: python3.14

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

9.8CVSS5.4AI score0.00172EPSS

Exploits1

Tenable Nessus•added 4 days ago•4 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1774)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1774 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result ...

9.8CVSS5.5AI score0.00172EPSS

Exploits1References12

OSV•added 2026/06/05 10:55 a.m.•5 views

BIT-PYTHON-MIN-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

9.8CVSS5.8AI score0.00172EPSS

Exploits0References10

OSV•added 2026/06/05 10:47 a.m.•3 views

BIT-LIBPYTHON-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

9.8CVSS5.8AI score0.00172EPSS

Exploits0References10

RedhatCVE•added 2026/06/02 11:42 p.m.•8 views

CVE-2026-7210

A flaw was found in the python and expat components. Insufficient entropy in the hash-flooding protection mechanism of xml.parsers.expat and xml.etree.ElementTree allows a remote attacker to craft a malicious XML document. This crafted document can trigger a hash flooding attack, leading to a...

9.8CVSS5.7AI score0.00172EPSS

Exploits0References6

OSV•added 2026/05/29 1:35 p.m.•7 views

OESA-2026-2499 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2

OSV•added 2026/05/29 1:35 p.m.•5 views

OESA-2026-2498 expat security update

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2

Amazon•added 2026/05/26 12:0 a.m.•12 views

Low: thunderbird

Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: thunderbird Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL...

7.5CVSS5.8AI score0.00013EPSS

Exploits0

Amazon•added 2026/05/26 12:0 a.m.•11 views

Low: firefox

Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: firefox Note: This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extra...

7.5CVSS5.8AI score0.00013EPSS

Exploits0

Tenable Nessus•added 2026/05/16 12:0 a.m.•9 views

Amazon Linux 2023 : firefox (ALAS2023-2026-1706)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1706 advisory. libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Tenable has extracted the preceding description block directly from the test...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References4

OSV•added 2026/05/15 2:0 p.m.•4 views

OESA-2026-2295 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2

OSV•added 2026/05/15 2:0 p.m.•5 views

OESA-2026-2294 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2

OSV•added 2026/05/15 2:0 p.m.•6 views

OESA-2026-2293 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2

Amazon•added 2026/05/15 12:0 a.m.•11 views

Low: firefox

Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1706 --releasever...

7.5CVSS5.8AI score0.00013EPSS

Exploits0

Tenable Nessus•added 2026/05/14 12:0 a.m.•64 views

Linux Distros Unpatched Vulnerability : CVE-2026-7210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash...

9.8CVSS5.8AI score0.00172EPSS

Exploits0References4