2732 matches found
CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
CVE-2026-12788
A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...
CVE-2026-12788 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 XML Parser import xml external entity reference
A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...
CVE-2026-12788
CVE-2026-12788 affects zhilink 智互联(深圳)科技有限公司的 ADP Application Developer Platform 1.0.0. A vulnerability exists in the XML Parser component, specifically in the file /adpweb/a/base/barcodeDetail/import, allowing an XML External Entity (XXE) reference. The issue could be triggered remotely, and the...
CVE-2026-56131
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...
EUVD-2026-36394
Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...
CVE-2026-45771
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-45771
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...
EUVD-2026-35468
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-45771
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-7310
A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...
ROOT-APP-NPM-CVE-2026-25128 CVE-2026-25128 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-25128 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
IBM QRadar SIEM 7.5.x < 7.5.0 UP15 IF03 Multiple Vulnerabilities
According to its self-reported version, the IBM QRadar SIEM installation on the remote host is 7.5.x prior to 7.5.0 Update Pack 15 Interim Fix 03. It is, therefore, affected by multiple vulnerabilities: - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in...
OESA-2026-2500 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...
OESA-2026-2498 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...
Apache CXF < 3.6.11 / 4.0.x < 4.1.6 / 4.2.x < 4.2.1 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is affected by multiple vulnerabilities: - The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use...
CVE-2026-7310
A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...
CVE-2026-7310
CVE-2026-7310: A heap-based buffer overflow exists in the XML parser functionality of HiDraw. An authenticated attacker with local access can trigger this via a specially crafted XML file, potentially causing memory corruption and arbitrary code execution. Reported impacts include application cra...
TencentOS Server 3: perl-XML-Parser (TSSA-2026:0356)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0356 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...