34 matches found

Positive Technologies
added 2026/05/08 12:0 a.m., 9 views

PT-2026-38870

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8, AI score 5.8, EPSS 0.00192
Exploits: 1, References: 41

Positive Technologies
added 2026/05/06 12:0 a.m., 4 views

PT-2026-37849

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8, AI score 6.7, EPSS 0.00192
Exploits: 1, References: 41

RedHat Linux
added 2025/07/31 11:33 a.m., 3 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

CVSS 8.1, AI score 7.3, EPSS 0.00323
Exploits: 0, References: 6

RedHat Linux
added 2025/02/06 11:30 a.m., 2 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8, AI score 7.3, EPSS 0.00799
Exploits: 0, References: 10

SUSE CVE
added 2023/02/15 4:32 a.m., 1 views

SUSE CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 7.5, AI score 9.4, EPSS 0.28907
Exploits: 0, References: 9

RedHat Linux
added 2022/03/14 10:7 a.m., 3 views

Mozilla: Use-after-free in XSLT parameter processing

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...

CVSS 8.8, AI score 7.3, EPSS 0.02853
Exploits: 1, References: 5

RedHat Linux
added 2021/11/03 4:34 p.m., 0 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVSS 10, AI score 7.3, EPSS 0.01079
Exploits: 0, References: 4

Tenable Nessus
added 2019/08/12 12:0 a.m., 238 views

NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0011)

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...

CVSS 9.8, AI score 8.2, EPSS 0.55641
Exploits: 3, References: 20

Tenable Nessus
added 2019/08/12 12:0 a.m., 19 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0124)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...

CVSS 9.8, AI score 8.2, EPSS 0.55641
Exploits: 3, References: 20

Veracode
added 2019/05/16 2:13 a.m., 23 views

Use-After-Free

Firefox is vulnerable to a use-after-free vulnerability. This occurs during XSL transformations. An attacker could cause a potentially exploitable crash resulting in a denial of service condition...

CVSS 9.8, AI score 8.9, EPSS 0.28907
Exploits: 0, References: 16, Affected Software: 2

Github Security Blog
added 2018/11/06 11:17 p.m., 23 views

High severity vulnerability that affects org.apache.syncope:syncope-core

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution...

CVSS 7.2, AI score 0.5, EPSS 0.06394
Exploits: 4, References: 7, Affected Software: 1

OSV
added 2018/11/06 11:17 p.m., 0 views

GHSA-XGC9-9W4V-H33H High severity vulnerability that affects org.apache.syncope:syncope-core

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution...

CVSS 7.2, AI score 5.9, EPSS 0.06394
Exploits: 4, References: 7

Exploit DB
added 2018/09/13 12:0 a.m., 53 views

Apache Syncope 2.0.7 - Remote Code Execution

Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...

CVSS 7.2, AI score 7, EPSS 0.06729
Exploits: 4

OSV
added 2018/06/11 9:29 p.m., 1 views

DEBIAN-CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 9.8, AI score 9.3, EPSS 0.28907
Exploits: 0, References: 1

OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 9.8, AI score 9.3
Exploits: 0, References: 13

NVD
added 2018/06/11 9:29 p.m., 13 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 9.8, AI score 9.4, EPSS 0.28907
Exploits: 0, References: 13

Prion
added 2018/06/11 9:29 p.m., 18 views

Design/Logic Flaw

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 7.5, AI score 9.1, EPSS 0.28907
Exploits: 0, References: 13, Affected Software: 10

AlpineLinux
added 2018/06/11 9:0 p.m., 49 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 9.8, AI score 9.6, EPSS 0.28907
Exploits: 0

Debian CVE
added 2018/06/11 9:0 p.m., 31 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 9.8, AI score 10, EPSS 0.28907
Exploits: 0

Cvelist
added 2018/06/11 9:0 p.m., 18 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

AI score 9.5, EPSS 0.28907
Exploits: 0, References: 13