603 matches found
Fast-XML-Parser security vulnerability
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. There are security vulnerabilities in the versions of fast-xml-parser from 4.3.6 to 5.3.3. These...
CVE-2025-63656
An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2026-0919 Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C210, C220 & C520WS
The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...
CVE-2026-21929
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
CVE-2026-1245 CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
PT-2026-3679
Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 9.0.0 through 9.5.0 Description A flaw exists in the MySQL Server component, specifically the Parser. A low-privileged attacker with network access can exploit this issue through multiple protocols to cause a...
PT-2026-3702
Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 9.0.0 through 9.5.0 Description An issue exists in the MySQL Server component of Oracle MySQL Server: Parser that allows a high-privileged attacker with network access to compromise the server. Successful exploitation can...
MiracleLinux 4 : rh-mariadb102-galera-25.3.29-1.AXS4, rh-mariadb102-mariadb-10.2.33-1.AXS4 (AXSA:2020-657:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-657:01 advisory. mysql: Server: Replication unspecified vulnerability CPU Apr 2019 CVE-2019-2614 mysql: Server: Security: Privileges unspecified vulnerability CPU Apr...
MiracleLinux 8 : http-parser-2.8.0-5.el8.2 (AXSA:2020-132:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-132:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : xerces-c-3.1.1-10.el7 (AXSA:2020-4490:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4490:01 advisory. xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs CVE-2018-1311 Tenable has extracted the preceding...
MiracleLinux 4 : libxml2-2.7.6-14.1.0.2.AXS4 (AXSA:2014-350:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-350:02 advisory. This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes...
CVE-2021-28110
/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...
CVE-2020-7617
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...
CVE-2026-21499 NULL Pointer Dereference in iccDEV XML Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2...
CVE-2026-21498
CVE-2026-21498 affects iccDEV before version 2.3.1.2. The vulnerability is a NULL pointer dereference in the XML calculator parser, as described across Red Hat and CVE listings for iccDEV. The issue can impact availability, with a patch released in version 2.3.1.2. Affected components are the icc...
CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...
CVE-2025-8065 Remote Code Execution via Stack-based Buffer Overflow in ONVIF SOAP Parser in TP-Link Tapo C200 and C520WS
A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP reque...
CVE-2025-68256
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser The Information Element IE parser rtwgetie trusted the length byte of each IE without validating that the IE body len bytes after the 2-byte header fits inside the...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2529)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...