Lucene search
K

334 matches found

EUVD
EUVD
added 2026/06/21 3:56 p.m.10 views

EUVD-2026-38188

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS5.9AI score0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/06/21 3:56 p.m.36 views

CVE-2026-56411

CVE-2026-56411 affects libexpat’s xmlwf binary, with an integer overflow in endDoctypeDecl triggered by NOTATION declarations prior to version 2.8.2. The CVSS metrics indicate a Local attack vector, high confidentiality and integrity impact, and low availability impact, with no user interaction r...

6.9CVSS5.9AI score0.0011EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51247

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the endDoctypeDecl function. This issue is triggered via NOTATION declarations, which are used in XML to define the format of non-XML data...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/13 1:13 a.m.15 views

[SECURITY] Fedora 44 Update: composer-2.10.1-1.fc44

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/08 3:41 p.m.3 views

CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/27 3:33 p.m.15 views

EUVD-2026-32248

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

5.8AI score0.0016EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:11 a.m.27 views

Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
OSV
OSV
added 2026/05/20 12:4 p.m.1 views

BIT-PYTHON-MIN-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in tinyxml

In TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML, as of version 2.6.2, there is a reachable assertion which leads to application exit when a crafted XML document is used, where a null character ‘\0’ is placed after a whitespace...

7.5CVSS7AI score0.01372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42176

Name of the Vulnerable Software and Affected Versions twig/markdown-extra affected versions not specified twig/cssinliner-extra affected versions not specified Description Several filters in the twig/ extras packages are incorrectly registered with is safe = 'all', which instructs the autoescaper...

5.1CVSS5.8AI score0.0006EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/05/13 3:1 p.m.63 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS0.00197EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/09 12:46 a.m.10 views

NPM: Hono has CSS Declaration Injection via Style Object Values in JSX SSR

NPM: Hono has CSS Declaration Injection via Style Object Values in JSX SSR vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/08 6:32 a.m.12 views

XML External Entity (XXE) Injection

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process when a declaration references an external host. An attacker can access sensitive...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.13 views

SUSE CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References3
Redos
Redos
added 2026/05/05 12:0 a.m.12 views

ROS-20260505-73-0015

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7.3AI score0.00621EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/04 4:55 p.m.49 views

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:55 p.m.5 views

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 4:55 p.m.23 views

EUVD-2026-27003

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

5.8AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 4:55 p.m.8 views

CVE-2026-40682 Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

5.8AI score0.00515EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.13 views

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

9.1CVSS4.7AI score0.00621EPSS
Exploits0
Rows per page
Query Builder