108 matches found
Astra Linux - vulnerability in c3p0
C3P0 versions less than 0.9.5.4 may be exploited by a “billion laughs attack” when loading XML configuration, due to the lack of protections against recursive entity expansion during the loading of configuration files...
RHCOS 4 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3132 advisory. - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service (CVE-2019-11253) Note that Nessus has not...
RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks (CVE-2019-11251) - kubernetes: YAML parsing vulnerable to...
MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-6.el8 (AXSA:2021-1339:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1339:01 advisory. snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640) Tenable has extracted the preceding description block directly from the MiracleLinux securi...
EUVD-2021-1301
Malware in sbrugna...
EUVD-2019-0409
Malware in sbrugna...
EUVD-2013-1867
Malware in sbrugna...
EUVD-2024-0987
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-28652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - /.config/apport/settings parsing is vulnerable to billion laughs attack (CVE-2022-28652) - /.config/apport/settings parsing is vulnerable to billion laughs attack...
CVE-2025-3225
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS)...
CVE-2024-1455
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...
CVE-2023-47163
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...
CVE-2022-28652
/.config/apport/settings parsing is vulnerable to "billion laughs" attack...
CVE-2021-32623
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a seemingly permanent denial of service attack, essentially taking down Opencast usin...
CVE-2020-3946
InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack denial-of-service...
LangChain < 0.1.35 XXE
The version of LangChain installed on the remote host is prior to 0.1.35. It is, therefore, affected by an XML External Entity (XXE) vulnerability in the langchain-ai/langchain repository that allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers o...