CVE-2021-47986

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVE-2021-47986 Parse Server - Unreviewed Code Execution via Malicious Version Tags

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVE-2021-47986

Parse Server exposes a supply-chain vulnerability affecting all versions before 4.10.0 where incorrect version tags were pushed to the repository, linking to unreviewed code in a personal fork. Attackers could specify affected version tags in dependency declarations to execute unreviewed and pote...

CVE-2026-56411

A flaw was found in libexpat, a software library used for parsing XML Extensible Markup Language documents. An attacker could exploit an integer overflow vulnerability in the xmlwf utility by crafting malicious NOTATION declarations. This could lead to the disclosure of sensitive information or...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the endDoctypeDecl process when handling NOTATION declarations. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted XML input. Remediation A fix...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

CVE-2026-56411

CVE-2026-56411 affects libexpat’s xmlwf binary, with an integer overflow in endDoctypeDecl triggered by NOTATION declarations prior to version 2.8.2. The CVSS metrics indicate a Local attack vector, high confidentiality and integrity impact, and low availability impact, with no user interaction r...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

EUVD-2026-38188

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

Linux Distros Unpatched Vulnerability : CVE-2026-56411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. CVE-2026-56411 Note that Nessus relies on the presence of th...

PT-2026-51247

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the endDoctypeDecl function. This issue is triggered via NOTATION declarations, which are used in XML to define the format of non-XML data...

FreeSWITCH 安全漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.0, there were security...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the batman-adv module’s ability to encounter deallocated declarations while traversing the declaration...

CVE-2026-6340 Memory Exhaustion via Malicious 7zip File Upload

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

GHSA-4V8G-86X5-3VRC Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

CLSA-2026-1776861173 python3: Fix of CVE-2022-48565

CVE-2022-48565: plistlib: reject XML entity declarations in plist files to prevent XXE attacks...

CVE-2026-33943

A flaw was found in Happy DOM, a JavaScript implementation of a web browser. This vulnerability allows a remote attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions. The ECMAScriptModuleCompiler component fails to properly sanitize content within export...

CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...