1171 matches found
[SECURITY] Fedora 42 Update: qt5-qtxmlpatterns-5.15.18-1.fc42
The Qt XML Patterns module provides support for XPath, XQuery, XSLT, and XML Schema validation...
libxml: Null pointer dereference leads to Denial of service (DoS)
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...
libxml: Heap use after free (UAF) leads to Denial of service (DoS)
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...
CLSA-2025-1761312327 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion leading to stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714.patch: Make XPath depth check work with recursive invocations to prevent stack overflows - CVE-2025-9714...
EulerOS 2.0 SP13 : libxml2 (EulerOS-SA-2025-2269)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML...
CVE-2025-11844
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
CVE-2025-11844
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
CVE-2025-11844
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
CVE-2025-11844 XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
CVE-2025-11844
Hugging Face Smolagents 1.20.0 has an XPath injection in search_item_ctrl_f (vision_web_browser.py) where user input is concatenated into XPath queries without sanitization, allowing attackers to modify query logic, bypass filters, and access unintended DOM elements, potentially disrupting AI web...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 1.20.0, which stems from the searchitemctrlf function splicing user input directly into XPath...
Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...
JLSEC-2025-91 Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a lo...
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2025-2203)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command...
CLSA-2025-1760020498 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows...
CLSA-2025-1760020311 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion leading to stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714.patch: Make XPath depth check work with recursive invocations to prevent stack overflows - CVE-2025-9714...
CLSA-2025-1760020147 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows...
EUVD-2012-2582
Malware in sbrugna...
EUVD-2020-17853
Malware in sbrugna...