Lucene search
K

1312 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS0.00424EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42858

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 9:12 p.m.15 views

CVE-2026-12975

CVE-2026-12975 affects Apicurio Registry. The flaw is in ContentTypeUtil.isParsableXml(), which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs wit...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 3:36 p.m.6 views

CVE-2026-6653

A flaw was found in libxml2. A remote attacker can exploit a use-after-free vulnerability in the xmlParseInternalSubset function by providing maliciously crafted XML input. This improper handling of entity resolution can lead to a denial-of-service DoS, making the affected system or application...

8.3CVSS5.7AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51315

Name of the Vulnerable Software and Affected Versions libxml2 versions 2.9.11 through 2.11.0 Description A Use After Free issue exists in the xmlParseInternalSubset function of libxml2. This occurs due to improper entity resolution handling, which allows a remote attacker to cause a...

8.3CVSS5.8AI score0.00289EPSS
Exploits0References13
OSV
OSV
added 2026/06/10 8:42 a.m.10 views

SUSE-SU-2026:2334-1 Security update for libyang

This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflo...

7.5CVSS5.7AI score0.00519EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/08 12:59 p.m.47 views

CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS0.00358EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/07 4:47 a.m.10 views

SUSE CVE-2026-11020

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00221EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:47 a.m.9 views

SUSE CVE-2026-11035

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. Chromium security severity: Medium...

7.3CVSS5.4AI score0.00079EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/06 10:1 p.m.106 views

Exploit for CVE-2019-5513

VMware Horizon /broker/xml Vulnerability Scanner !Security...

5.3CVSS5.6AI score0.01232EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

RHEL 10 : expat (RHSA-2026:22715)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22715 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details...

7.5CVSS5.6AI score0.00428EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.24 views

RHEL 9 : expat (RHSA-2026:23230)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:23230 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details...

7.5CVSS5.6AI score0.00428EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.18 views

RHEL 8 : expat (RHSA-2026:22721)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22721 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details...

7.5CVSS5.6AI score0.00428EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2026/06/05 12:4 p.m.14 views

expat security update

An update is available for expat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. Security Fixes: libexpat: deni...

7.5CVSS5.5AI score0.00428EPSS
Exploits1
OSV
OSV
added 2026/06/05 12:3 p.m.22 views

RLSA-2026:23230 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

7.5CVSS5.5AI score0.00428EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/06/05 12:3 p.m.18 views

expat security update

An update is available for expat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. Security Fixes: libexpat: denia...

7.5CVSS5.5AI score0.00428EPSS
Exploits1
OSV
OSV
added 2026/06/05 6:0 a.m.15 views

RLSA-2026:22721 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

7.5CVSS5.5AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34657

Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. Chromium security severity: Medium...

5.8AI score0.00228EPSS
Exploits0References3
Rows per page
Query Builder