42 matches found
CVE-2026-56131
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...
CVE-2026-56131
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...
EUVD-2026-37976
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...
CVE-2026-56131
CVE-2026-56131 affects libexpat prior to 2.8.2, where handler call depth tracking is missing for XML_ResumeParser calls made from within handlers during a policy violation. This leads to a use-after-free condition as described (similar to CVE-2026-50219). The Connected documents identify the affe...
CLSA-2026-1778895199 Fix CVE(s): CVE-2024-50602
SECURITY UPDATE: Crash in XMLResumeParser because XMLStopParser can stop/suspend an unstarted parser - debian/patches/CVE-2024-50602.patch: make XMLStopParser refuse to stop/suspend an unstarted parser - CVE-2024-50602...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.0.1)
The version of AHV installed on the remote host is prior to AHV-10.0.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.0.1 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Respons...
CVE-2025-14464
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
CVE-2025-14464
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
CVE-2025-14464 PDF Resume Parser <= 1.0 - Unauthenticated Sensitive Information Disclosure in SMTP Credentials
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
CVE-2025-14464 PDF Resume Parser <= 1.0 - Unauthenticated Sensitive Information Disclosure in SMTP Credentials
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
CVE-2025-14464
CVE-2025-14464 : The PDF Resume Parser plugin for WordPress (versions ≤ 1.0) exposes SMTP credentials via an unauthenticated AJAX action, enabling an attacker to retrieve sensitive configuration data. This could lead to compromise of email accounts and potentially other systems using the same cre...
PT-2026-2812
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
WordPress plugin PDF Resume Parser 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has a PHP and MySQL based on the server set up a personal blog site features. WordPress plugin is an application plug-ins. WordPress plugin...
WordPress PDF Resume Parser plugin <= 1.0 - Unauthenticated Sensitive Information Disclosure in SMTP Credentials vulnerability
Unauthenticated Sensitive Information Disclosure in SMTP Credentials vulnerability discovered by Ivan Cese in WordPress Plugin PDF Resume Parser versions = 1.0...
BIT-LIBPYTHON-2024-50602
An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1213)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: thunderbird
Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds i...
SUSE-SU-2025:20258-1 Security update for expat
This update for expat fixes the following issues: -CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232579...
Security update for expat
This update for expat fixes the following issues: -CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232579. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...
Security update for expat
This update for expat fixes the following issues: CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XMLResumeParser bsc1232579. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...