Lucene search
K

93 matches found

NVD
NVD
added 2026/02/06 6:15 p.m.6 views

CVE-2026-24419

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

8.7CVSS0.00344EPSS
Exploits3References1
NVD
NVD
added 2026/01/13 11:15 p.m.8 views

CVE-2022-50807

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...

0.00049EPSS
Exploits0
OSV
OSV
added 2026/01/05 10:29 a.m.7 views

CLSA-2026-1767608985 libxml2: Fix of CVE-2025-9714

CVE-2025-9714: fix XPath depth check to work with recursive invocations...

6.2CVSS6.1AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/03 5:1 p.m.5 views

CVE-2025-69416

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve other tokens intended for unrelated access via clients.plex.tv/devices.xml...

5CVSS6.9AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2025/12/10 9:16 p.m.12 views

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

8.7CVSS0.00765EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/14 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: libxslt (UTSA-2025-990908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990908 advisory. Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

6.2CVSS5AI score0.00144EPSS
Exploits0References4
Veracode
Veracode
added 2025/11/11 8:44 a.m.9 views

XPath Injection

smolagents is vulnerable to XPath injection. The vulnerability is due to insecure XPath construction due to searchitemctrlf concatenating unsanitized user input into XPath expressions, allowing attackers to inject XPath to bypass filters, access unintended DOM nodes, or disrupt web automation...

5.4CVSS5.5AI score0.00252EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/22 1:13 p.m.2 views

CVE-2025-11844 XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...

5.4CVSS6.5AI score0.00252EPSS
Exploits2References2
OSV
OSV
added 2025/10/02 1:27 p.m.6 views

CLSA-2025-1759411642 libxml2: Fix of CVE-2025-9714

CVE-2025-9714: preserve recursion depth across recursive calls to prevent stack overflow in XPath evaluation...

6.2CVSS6.5AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/30 8:56 p.m.11 views

CVE-2025-34232

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/lexmark/dellCheck.php script that can be...

6.9CVSS7.2AI score0.00514EPSS
Exploits1References1
OSV
OSV
added 2025/09/10 7:15 p.m.2 views

DEBIAN-CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

5.5CVSS5.3AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2025/09/10 6:43 p.m.73 views

CVE-2025-9714

CVE-2025-9714 affects libxml2 up to and including 2.9.14. The vulnerability arises from uncontrolled recursion in XPath evaluation: xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset recursion depth to zero before recursion, enabling stack overflow via crafted expressions. Impact is...

6.2CVSS6.2AI score0.00144EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2025/09/10 6:43 p.m.5 views

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

6.2CVSS5.3AI score0.00144EPSS
Exploits0
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.3 views

libxml2 安全漏洞

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.9.14 and earlier, which stems from an uncontrolled recursion in XPath evaluation that could lead ...

6.2CVSS4.6AI score0.00144EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in...

6.1CVSS6.8AI score0.02783EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2025/08/11 12:58 a.m.11 views

K000152944: libxslt vulnerability CVE-2025-24855, CVE-2024-55549

Security Advisory Description CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and...

7.8CVSS8.2AI score0.00324EPSS
Exploits4Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/29 1:52 p.m.3 views

libxml: Heap use after free (UAF) leads to Denial of service (DoS)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS7.1AI score0.00669EPSS
Exploits0References5
OSV
OSV
added 2025/07/24 4:23 p.m.5 views

CLSA-2025-1753374216 Fix CVE(s): CVE-2025-49794, CVE-2025-49796

SECURITY UPDATE: memory vulnerabilities in schematron - debian/patches/CVE-2025-49794CVE-2025-49796.patch: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements and memory corruption issue triggered by processing sch:name elements in input XML file - CVE-2025-49794 -...

9.1CVSS7AI score0.01437EPSS
Exploits0References1
Huntr
Huntr
added 2025/07/16 9:46 p.m.10 views

XPath Injection in search_item_ctrl_f Function - Hugging Face Smolagents v1.20.0

The searchitemctrlf function in the Hugging Face Smolagents library is vulnerable to XPath injection. The function simply concatenates user input into an XPath query without sanitizing or escaping the input. Vulnerable Code Location: File: src/smolagents-1.20.0/smolagents/visionwebbrowser.py...

5.4CVSS6AI score0.00252EPSS
Exploits2
OSV
OSV
added 2025/07/11 12:18 p.m.4 views

OESA-2025-1769 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

9.1CVSS6.9AI score0.01437EPSS
Exploits0References4
Rows per page
Query Builder