Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.6 views

CVE-2026-56410

A flaw was found in libexpat. Specifically, the xmlwf utility contains an integer overflow vulnerability in its resolveSystemId function. This flaw could be exploited by an attacker to potentially gain unauthorized access to sensitive information or execute arbitrary code, leading to a compromise...

6.9CVSS6.1AI score0.0011EPSS
Exploits0References4
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/06/21 3:55 p.m.25 views

CVE-2026-56410

The vulnerability CVE-2026-56410 affects xmlwf in libexpat prior to 2.8.2, due to an integer overflow in resolveSystemId. Impact is indicated as high for confidentiality and integrity, with low availability impact; attack vector is local and no user interaction is required. Remedy: upgrade to lib...

6.9CVSS5.9AI score0.0011EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/21 3:55 p.m.6 views

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51246

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the resolveSystemId function. An integer overflow occurs when an arithmetic operation results in a value that exceeds the maximum size of the...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: alienware-wmi-wmax: Fixed the dmisystemid array. Added a missing empty member to awccdmitable...

5.5CVSS6AI score0.00128EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.12 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS5.9AI score0.00457EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 8:19 p.m.7 views

GHSA-F6WW-3GGP-FR8H xmldom has XML injection through unvalidated DocumentType serialization

Summary The package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is...

8.7CVSS6AI score0.00457EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/22 8:19 p.m.20 views

xmldom has XML injection through unvalidated DocumentType serialization

Summary The package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is...

8.7CVSS6AI score0.00457EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/04/10 5:32 p.m.3 views

GHSA-5F5R-95PG-XRPM Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/10 5:32 p.m.26 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:27 p.m.5 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:27 p.m.3 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

3.5CVSS5.9AI score0.00219EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.6 views

openSUSE 16 Security Update : busybox (openSUSE-SU-2026:20090-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20090-1 advisory. Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence...

6.5CVSS6AI score0.00285EPSS
Exploits1References8
OSV
OSV
added 2026/01/22 4:57 p.m.3 views

SUSE-SU-2026:20134-1 Security update for busybox

This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIGFIRSTSYSTEMID to 201 to avoid confclict bsc1236670 - Fix unshar...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References7
OSV
OSV
added 2026/01/22 12:25 p.m.4 views

SUSE-SU-2026:0236-1 Security update for busybox

This update for busybox fixes the following issues: This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 - CVE-2025-60876: Fixed HTTP request header injection in wget CVE-2025-60876, bsc1253245...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2026/01/22 12:25 p.m.3 views

Security update for busybox

This update for busybox fixes the following issues: Security issues: CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 CVE-2025-60876: Fixed HTTP request header injection in wget CVE-2025-60876, bsc1253245 Other issues: Set CONFIGFIRSTSYSTEMID to 201 to avoid...

8.8CVSS5.6AI score0.00285EPSS
Exploits1References12
OSV
OSV
added 2026/01/22 12:25 p.m.1 views

SUSE-SU-2026:0235-1 Security update for busybox

This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 - CVE-2025-60876: Fixed HTTP request header injection in wget CVE-2025-60876, bsc1253245 Other issues: - Set CONFIGFIRSTSYSTEMID to 201 to...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-1726

Malware in sbrugna...

4.3CVSS6.4AI score0.00674EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6104

Malware in sbrugna...

5.3CVSS6.2AI score0.14838EPSS
Exploits1References2
Rows per page
Query Builder