Lucene search
+L

1320 matches found

Cvelist
Cvelist
added 2026/05/10 6:36 a.m.67 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS0.00428EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/10 6:36 a.m.8 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS5.7AI score0.00428EPSS
Exploits1References1
CVE
CVE
added 2026/05/10 6:36 a.m.173 views

CVE-2026-45186

CVE-2026-45186 affects libexpat prior to 2.8.1, where the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. The NVD entry reports a high impact on availability (CVSS: 7.5) with network attack vector and no privileges. Pu...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References12Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.1 had security vulnerabilities, which stemmed from the computational complexity of attribute name conflict checks. These vulnerabilities could potentially lead to denial-of-service...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 5:46 a.m.7 views

BIT-JRE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.01364EPSS
Exploits3References7
OSV
OSV
added 2026/05/06 2:45 p.m.11 views

BIT-JAVA-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS6.8AI score0.00559EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37823

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

9.8CVSS7AI score0.01136EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38044

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS6.8AI score0.00559EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/05 12:5 p.m.8 views

CVE-2026-43507

A flaw was found in Prosody. An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted XML data, leading to excessive memory consumption. This memory exhaustion can cause a Denial of Service DoS, making the service unavailable to legitimate users...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/04 2:3 a.m.21 views

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

7.5CVSS6.2AI score0.02142EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/04 1:48 a.m.12 views

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

7.5CVSS6.2AI score0.02142EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.108 views

FacturaScripts 2025.43 - XSS

Exploit Title: FacturaScripts 2025.43 - XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 Vendor Homepage: https://facturascripts.com/ Software Link: https://github.com/NeoRazorX/facturascripts Affected Versions: = 2025.4, = 2025.11, =...

5.4CVSS5.2AI score0.00981EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/04/28 11:27 a.m.5 views

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

6.2CVSS5.1AI score0.00144EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/28 1:57 a.m.11 views

SUSE CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS5.4AI score0.00121EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/27 6:40 p.m.2 views

libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service DoS attack, where the system becomes unresponsive or...

7.5CVSS6.1AI score0.00398EPSS
Exploits0References6
NVD
NVD
added 2026/04/26 10:17 p.m.12 views

CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/26 1:19 p.m.6 views

CVE-2018-25282 Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS5.3AI score0.00121EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.131 views

📄 MetInfo CMS 8.1 PHP Code Injection

This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...

9.8CVSS6.5AI score0.39688EPSS
Exploits4
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

libxml2 安全漏洞

Libxml2 is an open-source library from GNOME that is used for parsing XML documents. It is written in C language and can be called by various languages, such as C, C++, and XSH. Libxml2 has a security vulnerability that arises from type confusion errors when processing specially crafted XML Schem...

7.5CVSS5.8AI score0.00632EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/21 11:41 a.m.11 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS5.7AI score0.00604EPSS
Exploits0References3
Rows per page
Query Builder