Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

117 matches found

AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в libxml2

A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...

7.5CVSS6.8AI score0.00165EPSS
Exploits3References2
OSV
OSVadded 2026/05/13 8:53 a.m.2 views

CLSA-2026-1778492595 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...

8.1CVSS5.8AI score0.00222EPSS
Exploits0References1
OSV
OSVadded 2026/05/08 5:46 a.m.2 views

BIT-JRE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.00165EPSS
Exploits3References7
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.4 views

PT-2026-38830

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.00165EPSS
Exploits3References8
OSV
OSVadded 2026/05/06 2:44 p.m.2 views

BIT-JAVA-MIN-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.00165EPSS
Exploits3References7
OSV
OSVadded 2026/05/06 2:44 p.m.4 views

BIT-JAVA-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.00165EPSS
Exploits3References7
Positive Technologies
Positive Technologiesadded 2026/05/06 12:0 a.m.4 views

PT-2026-38016

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.00165EPSS
Exploits3References8
Positive Technologies
Positive Technologiesadded 2026/05/06 12:0 a.m.4 views

PT-2026-37809

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.00165EPSS
Exploits3References8
RedhatCVE
RedhatCVEadded 2026/03/29 6:0 p.m.3 views

CVE-2026-4980

A vulnerability was found in Inkscape due to improper handling of XInclude elements in SVG files. The application processes xi:include directives without restricting access to local resources, allowing external file references such as file:// URIs to be included during document processing. An...

6.3CVSS5.7AI score0.00041EPSS
Exploits1References5
SUSE CVE
SUSE CVEadded 2026/03/28 6:26 p.m.2 views

SUSE CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00041EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2026/03/28 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2026-4980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted...

6.3CVSS6AI score0.00041EPSS
Exploits1References4
EUVD
EUVDadded 2026/03/27 3:30 p.m.2 views

EUVD-2026-16659

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00041EPSS
Exploits1References3
NVD
NVDadded 2026/03/27 3:17 p.m.2 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS0.00041EPSS
Exploits1References2
OSV
OSVadded 2026/03/27 3:17 p.m.1 views

DEBIAN-CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.4AI score0.00041EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/03/27 3:17 p.m.1 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00041EPSS
Exploits1References3
OSV
OSVadded 2026/03/27 3:17 p.m.2 views

UBUNTU-CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.8AI score0.00041EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/27 2:50 p.m.1 views

CVE-2026-4980 Improper Restriction of XML External Entity Reference in Inkscape

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00041EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2026/03/27 2:50 p.m.2 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.4AI score0.00041EPSS
Exploits1
CVE
CVEadded 2026/03/27 2:50 p.m.10 views

CVE-2026-4980

CVE-2026-4980 concerns Inkscape’s XInclude processing, where a crafted SVG with malicious xi:include tags can cause a local file disclosure. The connected CVE records identify the affected software as Inkscape 1.1 prior to 1.3, and describe the root cause as an improper handling of XML External E...

6.3CVSS5.9AI score0.00041EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/27 2:50 p.m.1 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00041EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder