1233 matches found

RedhatCVE
added 17 hours ago, 8 views

CVE-2026-56406

A flaw was found in libexpat. An integer overflow vulnerability exists in the XML_ParseBuffer function due to a missing check. This flaw could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or a denial of service. Mitigation...

6.9 CVSS | 5.9 AI score | 0.00102 EPSS
Exploits: 0 | References: 4

RedhatCVE
added yesterday, 5 views

CVE-2026-56410

A flaw was found in libexpat. Specifically, the xmlwf utility contains an integer overflow vulnerability in its resolveSystemId function. This flaw could be exploited by an attacker to potentially gain unauthorized access to sensitive information or execute arbitrary code, leading to a compromise...

6.9 CVSS | 6.1 AI score | 0.00111 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2 days ago, 5 views

CVE-2026-56412

A flaw was found in libexpat. This vulnerability, present in versions before 2.8.2, stems from improper handling of XML CDATA sections, where the library fails to adequately track the depth of handler calls. This can result in a 'use-after-free' error, a type of memory corruption that could allow...

5.9 CVSS | 5.8 AI score | 0.00105 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2 days ago, 6 views

CVE-2026-56411

A flaw was found in libexpat, a software library used for parsing XML (Extensible Markup Language) documents. An attacker could exploit an integer overflow vulnerability in the xmlwf utility by crafting malicious NOTATION declarations. This could lead to the disclosure of sensitive information or...

6.9 CVSS | 5.9 AI score | 0.00111 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2 days ago, 5 views

CVE-2026-56405

A flaw was found in libexpat. An integer overflow vulnerability exists within the getAttributeId function. This flaw could allow an attacker to potentially disclose sensitive information or execute arbitrary code, leading to a compromise of the system's integrity and confidentiality. Mitigation T...

6.9 CVSS | 6 AI score | 0.00102 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2 days ago, 5 views

CVE-2026-56403

A flaw was found in libexpat. An integer overflow vulnerability exists in the storeAtts function. This flaw could allow an attacker to corrupt memory, leading to a denial of service, information disclosure, or potentially arbitrary code execution, compromising the integrity and confidentiality of...

6.9 CVSS | 6.1 AI score | 0.00102 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2 days ago, 6 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5 CVSS | 5.8 AI score | 0.00311 EPSS
Exploits: 1 | References: 5

NVD
added 3 days ago, 10 views

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9 CVSS | 0.00111 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 8 views

CVE-2026-56412

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9 CVSS | 0.00105 EPSS
Exploits: 0 | References: 1

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9 CVSS | 5.8 AI score | 0.00111 EPSS
Exploits: 0 | References: 3

NVD
added 3 days ago, 8 views

CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5 CVSS | 0.00099 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 7 views

CVE-2026-56408

libexpat before 2.8.2 has an integer overflow in copyString...

6.9 CVSS | 0.00102 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 7 views

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9 CVSS | 0.00111 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 8 views

CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding...

6.9 CVSS | 0.00102 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 7 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9 CVSS | 0.00102 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 7 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse...

6.9 CVSS | 0.00102 EPSS
Exploits: 0 | References: 1

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9 CVSS | 5.8 AI score | 0.00102 EPSS
Exploits: 0 | References: 3

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5 CVSS | 5.8 AI score | 0.00099 EPSS
Exploits: 0 | References: 3

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9 CVSS | 5.9 AI score | 0.00102 EPSS
Exploits: 0 | References: 3

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9 CVSS | 5.8 AI score | 0.00111 EPSS
Exploits: 0 | References: 3