1154 matches found
CVE-2026-32287
CVE-2026-32287 affects the Go library github.com/antchfx/xpath. Boolean XPath expressions that evaluate to true can trigger an infinite loop in logicalQuery.Select, causing 100% CPU usage. This can be triggered by top-level selectors such as 1=1 or true(). The provided connected records confirm t...
CVE-2026-32287
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...
CVE-2026-32287
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...
SUSE CVE-2026-4645
Duplicate of CVE-2026-32287...
CVE-2026-4645
Rejected reason: Duplicate of CVE-2026-32287...
UBUNTU-CVE-2026-4645
A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...
CVE-2026-4645
Rejected reason: Duplicate of CVE-2026-32287...
CVE-2026-4645
Removed by vendor...
CVE-2026-4645
...
CVE-2026-4645
An issue in the github.com/antchfx/xpath component allows a remote attacker to submit crafted Boolean XPath expressions that evaluate to true, triggering an infinite loop in the logicalQuery.Select function and causing 100% CPU utilization and a Denial of Service (DoS) on affected systems. CVSS v...
CVE-2026-4645
Duplicate of CVE-2026-32287...
CVE-2026-4645
A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...
PT-2026-28438
Name of the Vulnerable Software and Affected Versions versions prior to 2026-32287 Description Boolean XPath expressions that evaluate to true can cause an infinite loop within the logicalQuery.Select function, resulting in 100% CPU utilization. This condition can be initiated by top-level...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...
CVE-2026-29039
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
changedetection.io 代码注入漏洞
changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.4 contained a code injection vulnerability. This vulnerability stemmed from unvalidated or uncleaned XPath expressions,...