CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

CLSA-2026-1778240943 php: Fix of CVE-2025-1219

CVE-2025-1219: fix wrong content-type header on libxml streams redirect...

BIT-JRE-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

Debian dsa-6182 : libxml-parser-perl - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6182 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6182-1 [email protected] https://www.debian.org/security/...

Ubuntu: Security Advisory (USN-8174-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2026-21569

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

Debian: Security Advisory (DLA-4522-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-4522 : libxml-parser-perl - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4522 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4522-1 [email protected]...

Debian: Security Advisory (DSA-6182-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 6182-1] libxml-parser-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6182-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2026 https://www.debian.org/security/faq -...

DSA-6182-1 libxml-parser-perl - security update

Bulletin has no description...

ROS-20260310-73-0027

Vulnerability in libxml2 related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

CVE-2026-23739 Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVE-2026-0989

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may...

MiracleLinux 9 : libxml2-2.9.13-10.el9_6 (AXSA:2025-10626:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10626:10 advisory. libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.58 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

JLSEC-2025-72 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

JLSEC-2025-79 In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer derefere...

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...