Lucene search
K

680 matches found

Nuclei
Nuclei
โ€ขadded 3 days agoโ€ข15 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7AI score0.79807EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
โ€ขadded 4 days agoโ€ข7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
EUVD
EUVD
โ€ขadded 4 days agoโ€ข6 views

EUVD-2026-42873

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
OSV
OSV
โ€ขadded 2026/07/06 8:3 a.m.โ€ข3 views

PYSEC-2026-871 OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

7.5CVSS6AI score0.03062EPSS
Exploits1References17
Microsoft CVE
Microsoft CVE
โ€ขadded 2026/06/27 8:6 a.m.โ€ข8 views

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

...

6.9CVSS5.8AI score0.00107EPSS
Exploits0
Cvelist
Cvelist
โ€ขadded 2026/06/24 5:45 p.m.โ€ข31 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS0.00334EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/06/24 5:45 p.m.โ€ข57 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

9.4CVSS6AI score0.00334EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
โ€ขadded 2026/06/24 12:0 a.m.โ€ข9 views

Linux Distros Unpatched Vulnerability : CVE-2025-71319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

8.7CVSS6.2AI score0.0064EPSS
Exploits1References2
Debian CVE
Debian CVE
โ€ขadded 2026/06/22 2:55 p.m.โ€ข5 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1
Snyk
Snyk
โ€ขadded 2026/06/19 5:3 a.m.โ€ข6 views

Incorrect Synchronization

Overview Affected versions of this package are vulnerable to Incorrect Synchronization in the doProlog function in xmlparse.c due to improper handling of scaffold backing array reallocation when data structures are shared across multiple parsers. An attacker can achieve arbitrary code execution o...

7.5CVSS6.6AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/06/19 3:0 a.m.โ€ข7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.5AI score0.00107EPSS
Exploits0References2
Cvelist
Cvelist
โ€ขadded 2026/06/19 3:0 a.m.โ€ข39 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS0.00107EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/06/19 3:0 a.m.โ€ข62 views

CVE-2026-56132

CVE-2026-56132 affects libexpat prior to 2.8.2, where a heap-based buffer overflow occurs in doProlog within xmlparse.c due to mishandled reallocation of the scaffold backing array when data-structure sharing occurs across parsers. The CVSS metrics indicate a high impact on confidentiality and in...

6.9CVSS5.6AI score0.00107EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/19 12:0 a.m.โ€ข17 views

PT-2026-50832

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description A heap-based buffer overflow occurs in the doProlog function within xmlparse.c. This issue arises because the reallocation of the scaffold backing array is mishandled when data-structure sharing is...

6.9CVSS6.1AI score0.00107EPSS
Exploits0References8
Debian CVE
Debian CVE
โ€ขadded 2026/06/17 7:59 p.m.โ€ข6 views

CVE-2026-54388

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.6AI score0.00439EPSS
Exploits0
EUVD
EUVD
โ€ขadded 2026/06/15 9:30 p.m.โ€ข8 views

EUVD-2025-210151

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.3AI score0.00202EPSS
Exploits1References3
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/15 2:36 p.m.โ€ข17 views

CVE-2025-71329

A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...

8.7CVSS5.6AI score0.0043EPSS
Exploits1References6
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/15 12:0 a.m.โ€ข22 views

PT-2026-49569

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The parse options header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References11
Cvelist
Cvelist
โ€ขadded 2026/06/15 12:0 a.m.โ€ข31 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/15 12:0 a.m.โ€ข14 views

PT-2026-49278

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A stack overflow occurs in the gf opus read length function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing a specially crafted MP4 file...

5.5CVSS5.9AI score0.00202EPSS
Exploits1References4
Rows per page
Query Builder