Lucene search
+L

38 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8500-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8500-1 advisory. It was discovered that Vim incorrectly handled path traversal in the...

8.4CVSS6.4AI score0.00154EPSS
Exploits0References9
NVD
NVD
added 2026/06/21 5:16 p.m.14 views

CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 6:17 a.m.5 views

UBUNTU-CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.8AI score0.00135EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:56 a.m.14 views

EUVD-2026-37976

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/19 2:56 a.m.9 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.9AI score0.00135EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...

4.9CVSS5.7AI score0.00135EPSS
Exploits0References8
OSV
OSV
added 2026/06/12 12:28 p.m.7 views

OESA-2026-2680 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, ...

5.9CVSS5.3AI score0.00218EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 11:17 p.m.5 views

UBUNTU-CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS5.3AI score0.00345EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/05 8:2 a.m.4 views

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

...

5.9CVSS5.8AI score0.00218EPSS
Exploits0
OSV
OSV
added 2026/06/04 6:16 a.m.4 views

ALPINE-CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 4:20 a.m.49 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

4.9CVSS0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 4:20 a.m.10 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

4.9CVSS5.8AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 4:20 a.m.15 views

EUVD-2026-34206

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 4:20 a.m.164 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation, causing a use-after-free. Affected: libexpat prior to 2.8.2. Impact is described as a MEDIUM-seve...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/04 4:20 a.m.2 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

4.9CVSS5.9AI score0.00218EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/04 4:20 a.m.8 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46147

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The software lacks handler call depth tracking when specific functions are called from within handlers during a policy violation. This can lead to a use-after-free condition, which occurs when a...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2026/05/19 6:26 p.m.4 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6.7AI score0.0029EPSS
Exploits0References8
OSV
OSV
added 2026/04/13 5:43 a.m.4 views

BIT-GOLANG-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.7AI score0.0029EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/10 2:24 p.m.4 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6AI score0.0029EPSS
Exploits0References8
Rows per page
Query Builder