Lucene search
K

39 matches found

OSV
OSV
added 2025/10/17 2:54 p.m.3 views

OESA-2025-2445 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.CVE-2025-10911...

5.5CVSS6.9AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2025/10/17 2:54 p.m.8 views

OESA-2025-2443 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.CVE-2025-10911...

5.5CVSS6.9AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/06 5:58 p.m.6 views

CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...

7.5CVSS6.5AI score0.00604EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/06 5:58 p.m.14 views

CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...

7.5CVSS0.00604EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/24 6:34 p.m.52 views

CVE-2024-52807 XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...

8.6CVSS0.00547EPSS
Exploits0References3
CVE
CVE
added 2025/01/24 6:34 p.m.53 views

CVE-2024-52807

The CVE-2024-52807 entry affects the org.hl7.fhir.publisher package used to generate HL7 FHIR IGs. The root cause is XML External Entity (XXE) injections in XSLT transforms performed by multiple components prior to version 1.7.4, which could allow a malicious DTD tag in submitted XML to cause dat...

8.6CVSS8.6AI score0.00547EPSS
Exploits0References3
OSV
OSV
added 2025/01/24 6:33 p.m.6 views

GHSA-8C3X-HQ82-GJCM XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`

Impact XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where...

8.6CVSS8.6AI score0.00547EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/01/24 6:33 p.m.18 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`

Impact XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where...

8.6CVSS6.7AI score0.00547EPSS
Exploits0References6Affected Software2
Vulnrichment
Vulnrichment
added 2024/11/08 10:28 p.m.14 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS7AI score0.00918EPSS
Exploits0References6
CVE
CVE
added 2024/11/08 10:28 p.m.67 views

CVE-2024-52007

CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References6
OSV
OSV
added 2024/11/08 6:49 p.m.11 views

GHSA-GR3C-Q7XF-47VH XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

Summary XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.2AI score0.00918EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/11/08 12:0 a.m.5 views

HAPI FHIR 代码问题漏洞

HAPI FHIR is a Java-written HL7 FHIR API for the HAPI FHIR open source. A code issue vulnerability exists in HAPI FHIR prior to version 6.4.0 that stems from the XSLT parsing performed by various components being vulnerable to XML external entity injection...

8.6CVSS8.5AI score0.00918EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.4 views

PT-2024-35091 · Hapi Fhir · Hapi Fhir

Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...

8.6CVSS7.1AI score0.00918EPSS
Exploits0References13
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.19 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.10 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.19 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.16 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.20 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
Zero Day Initiative
Zero Day Initiative
added 2018/12/12 12:0 a.m.24 views

Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS2AI score0.04031EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2018/12/12 12:0 a.m.24 views

Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5CVSS2AI score0.04031EPSS
Exploits0References1
Rows per page
Query Builder