
357 matches found

OSV
added 6 days ago | 5 views

OESA-2026-2499 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
OSV
added 6 days ago | 4 views

OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/15 2:0 p.m. | 3 views

OESA-2026-2295 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/15 2:0 p.m. | 3 views

OESA-2026-2294 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/15 2:0 p.m. | 5 views

OESA-2026-2293 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/14 7:58 p.m. | 4 views

CVE-2026-4827

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

8.7 CVSS | 5.8 AI score | 0.00066 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/12 3:31 p.m. | 4 views

EUVD-2026-29459

CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

8.7 CVSS | 5.8 AI score | 0.00066 EPSS
Exploits: 0 | References: 2
NVD
added 2026/05/12 1:17 p.m. | 5 views

CVE-2026-4827

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

8.7 CVSS | 0.00066 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/12 12:24 p.m. | 31 views

CVE-2026-4827 Insufficient Entropy vulnerability on Multiple Products

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

8.7 CVSS | 0.00066 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/12 12:24 p.m. | 4 views

CVE-2026-4827 Insufficient Entropy vulnerability on Multiple Products

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

8.7 CVSS | 5.8 AI score | 0.00066 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/12 12:24 p.m. | 2 views

CVE-2026-4827

CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...

8.7 CVSS | 5.8 AI score | 0.00066 EPSS
Exploits: 0 | References: 2 | Affected Software: 10
Positive Technologies
added 2026/05/12 12:0 a.m. | 7 views

PT-2026-40017

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: Insufficient Entropy occurs when the randomness used in session-management protections is inadequate, potentially allowing a network-based attacker to gain...

8.7 CVSS | 5.8 AI score | 0.00066 EPSS
Exploits: 0 | References: 4
Snyk
added 2026/05/11 7:16 p.m. | 3 views

Insufficient Entropy

Overview: Affected versions of this package are vulnerable to Insufficient Entropy in the xml.parsers.expat and xml.etree.ElementTree components. An attacker can cause excessive CPU consumption and degrade service availability by submitting specially crafted XML documents designed to trigger hash...

9.8 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 2
CVE
added 2026/05/11 5:19 p.m. | 38 views

CVE-2026-7210

CVE-2026-7210 affects the Python ecosystem’s XML parsers: xml.parsers.expat and xml.etree.ElementTree. The root cause is insufficient entropy in Expat hash-flooding protection, which can be exploited by a crafted XML document to trigger hash collisions. Consequences are severe across affected com...

9.8 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/05/11 5:19 p.m. | 1 view

CVE-2026-7210

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

6.3 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 4
OSV
added 2026/05/01 5:50 p.m. | 3 views

JLSEC-2026-384

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 5
CVE
added 2026/04/27 2:21 p.m. | 23 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 use DES-CBC with keys/IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to ~19,000 values. An unauthenticated attacker can query the attachment download endpoint to recover the seed and forge sharing tokens for e...

8.2 CVSS | 5.5 AI score | 0.00035 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/04/27 2:21 p.m. | 29 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2 CVSS | 0.00035 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/26 12:0 a.m. | 2 views

FreeBSD : (lib)expat -- Insufficient entropy (88440f1d-4168-11f1-95f7-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 88440f1d-4168-11f1-95f7-00a098b42aeb advisory. https://github.com/libexpat/libexpat/pull/1183 reports: libexpat before 2.8.0 uses insufficient entropy...

7.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/04/16 6:31 p.m. | 1 view

EUVD-2026-23276

libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

2.9 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 3