Lucene search
K

154 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 8:39 a.m.8 views

CVE-2026-57435

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This use-after-free vulnerability occurs when replacing the value of an XML attribute. If a Ruby wrapper already points to the attribute's child node, the underlying native child node can be freed while the wrapper remains accessible...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 2:32 p.m.36 views

CVE-2026-57435 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

6.3CVSS0.00357EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:32 p.m.19 views

CVE-2026-57435

Nokogiri (Ruby XML/HTML library) had a use-after-free in the CRuby native extension when replacing the value of an XML attribute. If an attribute child node was already accessed, Nokogiri::XML::Attr#value= could free the underlying native child node while a wrapper remained in the document cache,...

7.5CVSS5.9AI score0.00357EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.1 views

CVE-2026-53245 net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
OSV
OSV
added 2026/06/19 4:37 p.m.11 views

GHSA-PHWJ-RPRQ-35PP Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

Summary Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attrvalue= could free the underlying native child node while the wrapper remained...

6.3CVSS5.9AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 6:41 p.m.35 views

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS0.00383EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.7AI score0.00183EPSS
Exploits2References1
Patchstack
Patchstack
added 2026/05/21 5:14 p.m.7 views

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...

8.7CVSS5.8AI score0.00383EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42587

Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...

8.7CVSS5.9AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...

7.8CVSS7.2AI score0.00399EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...

7.8CVSS6.8AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

fast-xml-builder 安全漏洞

fast-xml-builder is an open-source building tool developed by Natural Intelligence that converts JSON data into XML format. Versions of fast-xml-builder prior to 1.1.7 contained security vulnerabilities. These vulnerabilities occurred when input data contained quotes in attribute values, and enti...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.9 views

CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/04/24 3:16 a.m.3 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS0.00183EPSS
Exploits2References4
OSV
OSV
added 2026/04/24 3:16 a.m.3 views

DEBIAN-CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.6AI score0.00183EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:20 a.m.10 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.9AI score0.00183EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:20 a.m.38 views

CVE-2026-33317 OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS0.00183EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2026/04/24 2:20 a.m.3 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.6AI score0.00183EPSS
Exploits2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.14 views

OP-TEE Trusted OS 缓冲区错误漏洞

OP-TEE Trusted OS is an implementation of the OP-TEE open-source project, which creates an open-source Trusted Execution Environment TEE that utilizes Arm TrustZone technology. In versions 3.13.0 to 4.10.0 of OP-TEE Trusted OS, there is a buffer error vulnerability. This vulnerability stems from ...

8.7CVSS6AI score0.00183EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.7 views

Debian dla-4512 : charon-cmd - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4512 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4512-1 [email protected] https://www.debian.org/lts/security/...

8.7CVSS5.9AI score0.01013EPSS
Exploits2References4
Rows per page
Query Builder