Lucene search
+L

344 matches found

RedHat Linux
RedHat Linux
added 2026/01/05 6:1 p.m.6 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/01/05 5:40 p.m.3 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/26 4:31 a.m.2 views

CVE-2025-8075 Improper Input Validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

5.8CVSS6AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/26 4:31 a.m.27 views

CVE-2025-8075 Improper Input Validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

5.8CVSS0.00181EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/12/12 1:28 p.m.4 views

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 CVE-2025-64460: Fixed denial of service via specially crafted XML input in django.core.serializers.xmlserializer.getInnerText bsc1254437 Patch Instructions: To install this...

7.5CVSS8AI score0.02143EPSS
Exploits0References6
NCSC
NCSC
added 2025/12/12 9:2 a.m.9 views

Vulnerability fixed in GeoServer

OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...

9.8CVSS6.5AI score0.67357EPSS
Exploits4References1
OSV
OSV
added 2025/12/11 11:37 a.m.5 views

BIT-DJANGO-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS6.7AI score0.02143EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/12/09 7:23 a.m.2 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
Snyk
Snyk
added 2025/12/09 3:40 a.m.18 views

Uncaught Exception

Overview robrichards/xmlseclibs is a PHP library for XML Security. Affected versions of this package are vulnerable to Uncaught Exception in the form of improper handling of canonicalization failures. An attacker can bypass signature or digest validation by submitting specially crafted invalid XM...

7.5CVSS6.9AI score0.00226EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.10 views

PT-2025-49775

Name of the Vulnerable Software and Affected Versions ruby-saml versions through 1.12.4 Description The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using...

9.3CVSS6.6AI score0.00211EPSS
Exploits0References11
OSV
OSV
added 2025/12/02 3:15 p.m.3 views

CVE-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS7.2AI score0.02143EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/12/02 2:22 p.m.3 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
OSV
OSV
added 2025/12/02 2:0 p.m.3 views

UBUNTU-CVE-2025-64460

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS7AI score0.02143EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/11/25 7:36 a.m.2 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/25 7:17 a.m.3 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
AlmaLinux
AlmaLinux
added 2025/11/24 12:0 a.m.6 views

Important: mingw-expat security update

Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more...

7.5CVSS6.9AI score0.01279EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/11/19 10:11 p.m.3 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/19 8:10 p.m.3 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/10/27 5:46 p.m.3 views

libxml: Null pointer dereference leads to Denial of service (DoS)

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...

7.5CVSS7.1AI score0.00475EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/10/27 5:46 p.m.2 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References6
Rows per page
Query Builder