39 matches found
OESA-2025-2445 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.CVE-2025-10911...
OESA-2025-2443 libxslt security update
Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.CVE-2025-10911...
CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...
CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...
CVE-2024-52807 XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...
CVE-2024-52807
The CVE-2024-52807 entry affects the org.hl7.fhir.publisher package used to generate HL7 FHIR IGs. The root cause is XML External Entity (XXE) injections in XSLT transforms performed by multiple components prior to version 1.7.4, which could allow a malicious DTD tag in submitted XML to cause dat...
GHSA-8C3X-HQ82-GJCM XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
Impact XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
Impact XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where...
CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
CVE-2024-52007
CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...
GHSA-GR3C-Q7XF-47VH XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
Summary XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...
HAPI FHIR 代码问题漏洞
HAPI FHIR is a Java-written HL7 FHIR API for the HAPI FHIR open source. A code issue vulnerability exists in HAPI FHIR prior to version 6.4.0 that stems from the XSLT parsing performed by various components being vulnerable to XML external entity injection...
PT-2024-35091 · Hapi Fhir · Hapi Fhir
Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...
Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...