Lucene search
K

1312 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmldecode, when parsing a crafted XML file, performs incorrect memory handling. This results in an overflow of the heap-based buffer when strchr is called, starting with a pointer after a '\0' character where the processing of th...

6.5CVSS6.6AI score0.01169EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, when parsing a crafted XML file, performs incorrect memory handling, resulting in a NULL pointer being dereferenced while running strcmp on a NULL pointer...

6.5CVSS6.4AI score0.01212EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

In Qt versions prior to 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there may be an application crash in QXmlStreamReader due to a crafted XML string, causing a situation where a prefix is greater than a certain length...

7.5CVSS7.2AI score0.01553EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling during the parsing of crafted XML files writing outside of a memory region created by mmap...

6.5CVSS6.3AI score0.01193EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libxstream-java

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service by manipulating the input stream. The attack exploits the hash code implementation used for...

8.2CVSS6.6AI score0.08689EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libxslt

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS6.9AI score0.01817EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd performs incorrect memory handling during the parsing of crafted XML files, resulting in a one-byte constant being written beyond the bounds of the memory area...

6.5CVSS6.4AI score0.01035EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling during the parsing of crafted XML files, resulting in a heap-based buffer overflow...

7.5CVSS7.6AI score0.01402EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.13 views

Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS5.8AI score0.00743EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2026/05/19 12:16 p.m.20 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS0.00743EPSS
Exploits0References7
Amazon
Amazon
added 2026/05/15 12:0 a.m.14 views

Low: firefox

Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1706 --releasever...

7.5CVSS5.8AI score0.00379EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2026/05/12 9:7 p.m.11 views

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.7.5-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: Fix quadratic runtime from attribute name collision chec...

7.5CVSS5.8AI score0.00428EPSS
Exploits1
Snyk
Snyk
added 2026/05/11 5:19 p.m.26 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.10 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

5.8AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/05/10 7:16 a.m.6 views

ALPINE-CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.3AI score0.00428EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/10 7:16 a.m.12 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/10 6:36 a.m.8 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS5.7AI score0.00428EPSS
Exploits1References1
CVE
CVE
added 2026/05/10 6:36 a.m.153 views

CVE-2026-45186

CVE-2026-45186 affects libexpat prior to 2.8.1, where the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. The NVD entry reports a high impact on availability (CVSS: 7.5) with network attack vector and no privileges. Pu...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2026/05/10 6:36 a.m.62 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS0.00428EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.1 had security vulnerabilities, which stemmed from the computational complexity of attribute name conflict checks. These vulnerabilities could potentially lead to denial-of-service...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
Rows per page
Query Builder