2733 matches found
CLSA-2026-1776940444 perl-XML-Parser: Fix of CVE-2006-10003
CVE-2006-10003: fix off-by-one heap buffer overflow in stserialstack growth check in Expat/Expat.xs startElement; also backport upstream follow-up 2abd177 to initialize stserialstacksize=1024 after allocation...
0xuath-sdk-react (>=0.0.2 <=0.0.23), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +17811 more potentially affected by CVE-2026-41650 via fast-xml-parser (>=2.3.1 <=5.6.0)
fast-xml-parser NPM version =2.3.1, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.0.10, =3.1.4, =3.1.6, =0.1.0, =0.0.2, =4.11.2, =2.0.0, =2.6.6 and more Source cves: CVE-2026-41650 Source advisory: OSV:GHSA-GH4J-GQV2-49F6...
GHSA-GH4J-GQV2-49F6 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters Summary fast-xml-parser XMLBuilder does not escape the -- sequence in comment content or the sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data...
RHSA-2026:9605 Red Hat Security Advisory: perl-XML-Parser security update
Bulletin has no description...
RHSA-2026:9258 Red Hat Security Advisory: perl-XML-Parser security update
Bulletin has no description...
RHSA-2026:9246 Red Hat Security Advisory: perl-XML-Parser security update
Bulletin has no description...
RHSA-2026:9259 Red Hat Security Advisory: perl-XML-Parser security update
Bulletin has no description...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
RHEL 9 : perl-XML-Parser (RHSA-2026:9605)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9605 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...
Amazon Corretto Java 8.x < 8.492.09.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is 8 prior to 8.492.09.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2026-Apr-21 advisory. - An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions...
lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...
GHSA-VFMQ-68HX-4JFW lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...
CVE-2026-22016
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
RHSA-2026:9110 Red Hat Security Advisory: perl-XML-Parser security update
Bulletin has no description...