CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

[SECURITY] Fedora 43 Update: mingw-libxslt-1.1.43-4.fc43

This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 =3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine...

EUVD-2017-16489

Malware in sbrugna...

EUVD-2017-14544

Malware in sbrugna...

EUVD-2008-2936

Malware in sbrugna...

EUVD-2017-14543

Malware in sbrugna...

EUVD-2017-14542

Malware in sbrugna...

EUVD-2020-22029

Malware in sbrugna...

EUVD-2022-1679

Malicious code in bioql PyPI...

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

SUSE CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

AZL-73183 CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via xmlNode.psvi memory field that stores xsltStylePreComp pointer when processing xslt stylesheets. An attacker can cause memory corruption or application crashes by supplying...

📄 libxslt xsltParseStylesheetProcess Use-After-Free

There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the report. There is a use-after-free issue in libxslt read on a namespace URL stored in...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

SUSE CVE-2012-1592

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files...

SUSE CVE-2017-5438

A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

SUSE CVE-2017-5439

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

SUSE CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...