MiracleLinux 8 : java-11-openjdk-11.0.15.0.9-2.el8 (AXSA:2022-3152:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3152:07 advisory. OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling craft...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.232.b09-0.el7 (AXSA:2019-4346:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4346:06 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.232.b09-1.AXS4 (AXSA:2019-4356:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4356:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

MiracleLinux 4 : libxml2-2.7.6-17.1.0.1.AXS4 (AXSA:2014-724:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-724:04 advisory. Description : This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includ...

EUVD-2026-2462

Concrete5 CMS contains an XPath injection vulnerability...

CVE-2022-50807

...

MiracleLinux 8 : firefox-128.10.0-1.el8_10.ML.1 (AXSA:2025-9933:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9933:13 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

MiracleLinux 7 : libxslt-1.1.28-6.0.2.el7.AXS7 (AXSA:2025-9856:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9856:03 advisory. CVE-2025-24855: fix use-after-free issue in numbers.c by restoring XPath context node in nested XPath evaluations CVEs: CVE-2025-24855 numbers.c in libxslt...

MiracleLinux 8 : thunderbird-128.10.0-1.el8_10.ML.1 (AXSA:2025-9937:11)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9937:11 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

PT-2026-2364

Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3 Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract...

CVE-2024-2645

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is...

CVE-2024-2648

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...

PT-2026-27134

Name of the Vulnerable Software and Affected Versions github.com/antchfx/xpath affected versions not specified Description A flaw exists in the github.com/antchfx/xpath component that allows a remote attacker to cause a Denial of Service DoS condition. This is achieved by submitting crafted Boole...

Unity Linux 20.1070e Security Update: libxml2 (UTSA-2025-993313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993313 advisory. Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libxml2 (UTSA-2025-991295)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991295 advisory. Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

EUVD-2025-201297

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...