Lucene search
+L

2732 matches found

Cvelist
Cvelist
added 2026/06/21 3:43 p.m.38 views

CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS0.00102EPSS
Exploits0References1
NVD
NVD
added 2026/06/21 9:16 a.m.14 views

CVE-2026-12788

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS0.00237EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 7:45 a.m.38 views

CVE-2026-12788 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 XML Parser import xml external entity reference

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS0.00237EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 7:45 a.m.35 views

CVE-2026-12788

CVE-2026-12788 affects zhilink 智互联(深圳)科技有限公司的 ADP Application Developer Platform 1.0.0. A vulnerability exists in the XML Parser component, specifically in the file /adpweb/a/base/barcodeDetail/import, allowing an XML External Entity (XXE) reference. The issue could be triggered remotely, and the...

6.5CVSS6.2AI score0.00237EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/19 2:56 a.m.8 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.9AI score0.00135EPSS
Exploits0
EUVD
EUVD
added 2026/06/12 8:54 a.m.19 views

EUVD-2026-36394

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

5.2AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.14 views

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS5.4AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.17 views

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS0.00343EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 3:59 p.m.15 views

CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:51 p.m.14 views

EUVD-2026-35468

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS5.4AI score0.00343EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 3:51 p.m.13 views

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS5.4AI score0.00343EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-7310

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...

4.4CVSS6.2AI score0.00103EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:42 p.m.9 views

ROOT-APP-NPM-CVE-2026-25128 CVE-2026-25128 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25128 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00559EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.15 views

IBM QRadar SIEM 7.5.x < 7.5.0 UP15 IF03 Multiple Vulnerabilities

According to its self-reported version, the IBM QRadar SIEM installation on the remote host is 7.5.x prior to 7.5.0 Update Pack 15 Interim Fix 03. It is, therefore, affected by multiple vulnerabilities: - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in...

9.8CVSS7.9AI score0.96267EPSS
Exploits230References29
OSV
OSV
added 2026/05/29 1:35 p.m.12 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/29 1:35 p.m.11 views

OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.11 views

Apache CXF < 3.6.11 / 4.0.x < 4.1.6 / 4.2.x < 4.2.1 Multiple Vulnerabilities

The version of Apache CXF installed on the remote host is affected by multiple vulnerabilities: - The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use...

9.8CVSS7.7AI score0.00793EPSS
Exploits0References7
NVD
NVD
added 2026/05/26 2:16 p.m.23 views

CVE-2026-7310

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...

4.4CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 11:43 a.m.35 views

CVE-2026-7310

CVE-2026-7310: A heap-based buffer overflow exists in the XML parser functionality of HiDraw. An authenticated attacker with local access can trigger this via a specially crafted XML file, potentially causing memory corruption and arbitrary code execution. Reported impacts include application cra...

4.4CVSS6.2AI score0.00103EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

TencentOS Server 3: perl-XML-Parser (TSSA-2026:0356)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0356 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS6.1AI score0.00604EPSS
Exploits0References3
Rows per page
Query Builder