713 matches found
CVE-2025-14232
Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...
Canon’s various products have security vulnerabilities
Canon ImageRunner is a product of the Japanese company Canon. Canon ImageRunner is a series of all-in-one black-and-white printers. Canon imagePROGRAF is a large-format printer. Canon imageCLASS MF644Cdw is a smart and efficient 3-in-1 color multifunctional printer. Several Canon products have...
CVE-2025-14232
Summary: CVE-2025-14232 is a buffer overflow in the XML processing of XPS files on Canon printers (Small Office Multifunction and Laser Printers). Affected firmware: v06.02 and earlier across multiple lines of Canon/Satera/i-SENSYS/imageRUNNER models listed in the description. Impact: remote atta...
Astra Linux – Vulnerability in libxslt
A flaw was discovered in the libxslt library. The same memory field, psvi, is used for both the stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may result in...
Astra Linux – Vulnerability in libvirt
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
Amazon Linux 2 : libvirt, --advisory ALAS2-2025-3115 (ALAS-2025-3115)
The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3115 advisory. A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...
Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-993323)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993323 advisory. A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicio...
PT-2025-53592
Name of the Vulnerable Software and Affected Versions: libxmljs version 1.0.11. Description: A flaw exists in libxmljs when processing a specifically designed XML document. Accessing the internal ref property on entity ref and entity decl nodes can result in a segmentation fault, potentially causing...
OESA-2025-2814 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...
CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation
The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...
ROS-20251124-14
A vulnerability in the Security component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read,...
ROS-20251124-12
A vulnerability in the Security component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read,...
AZL-70187 CVE-2025-12748 affecting package libvirt for versions less than 10.0.0-7
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
AZL-70199 CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
UBUNTU-CVE-2025-12748
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
CVE-2025-12748
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
Medium: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...
CVE-2025-12531 IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...