Lucene search
+L

957 matches found

OSV
OSV
added 2026/03/16 2:19 p.m.5 views

UBUNTU-CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/16 12:16 p.m.4 views

CVE-2026-32777

A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition DTD content. This could lead to an infinite loop during parsing, resulting in a Denial of Service DoS for the application using libexpat...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2026/03/16 6:58 a.m.5 views

CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

5.5CVSS5.8AI score0.00216EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/16 6:58 a.m.30 views

CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

4CVSS0.00216EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/16 6:58 a.m.2 views

CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

4CVSS5.8AI score0.00216EPSS
Exploits1References4
OSV
OSV
added 2026/03/16 6:58 a.m.6 views

CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

4CVSS5.9AI score0.00216EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-32777

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 Note that Nessus relies on the presence of the package as reported by th...

5.5CVSS7.1AI score0.00216EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/02/27 12:0 a.m.185 views

📄 fast-xml-parser 5.3.5 Denial of Service

A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions DTD, specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...

5.9AI score
Exploits0
OSV
OSV
added 2026/02/04 12:6 a.m.18 views

OSV-2026-190 Security exception in com.ctc.wstx.util.TextBuffer.buildResultArray

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=480987597 Crash type: Security exception Crash state: com.ctc.wstx.util.TextBuffer.buildResultArray com.ctc.wstx.util.TextBuffer.contentsAsArray com.ctc.wstx.dtd.FullDTDReader.parseEntityValue...

5.4AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in libxml2

In libxml2 versions before 2.12.10 and 2.13.x before 2.13.6, there is a stack-based buffer overflow in the xmlSnprintfElements function in the valid.c file. To exploit this vulnerability, DTD validation must be performed for untrusted documents or untrusted DTDs. NOTE: This vulnerability is simil...

7.8CVSS7.4AI score0.00374EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/01/22 12:0 a.m.364 views

📄 libxml2 2.9.14 Remote Code Execution

libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...

7.5CVSS5.8AI score0.01364EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 7 : xerces-c-3.1.1-10.el7 (AXSA:2020-4490:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4490:01 advisory. xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs CVE-2018-1311 Tenable has extracted the preceding...

8.1CVSS8.5AI score0.09503EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 7 : xerces-c-3.1.1-9.el7 (AXSA:2019-3675:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3675:01 advisory. xerces-c: Stack overflow when parsing deeply nested DTD CVE-2016-4463 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5CVSS5.6AI score0.14138EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : libxml2-2.7.6-17.1.0.1.AXS4 (AXSA:2014-724:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-724:04 advisory. Description : This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includ...

5CVSS6.5AI score0.03988EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/01/14 12:0 a.m.38 views

VulnCheck KEV: CVE-2017-17762

XML external entity XXE vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...

7.5CVSS5.9AI score0.04648EPSS
In wildExploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs60 (SUSE-SU-2026:0044-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0044-1 advisory. - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart bsc123003...

9.8CVSS7.5AI score0.01686EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/01/07 9:31 p.m.12 views

Bio-Formats has an XML External Entity (XXE) vulnerability

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

7.1CVSS6.6AI score0.00142EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/01/05 2:15 p.m.14 views

CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

6.5CVSS0.00582EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.10 views

PT-2026-1285

Name of the Vulnerable Software and Affected Versions Apache SIS versions 0.4 through 1.5 Description An improper restriction of XML external entity reference issue exists in Apache SIS. An attacker can craft XML files that, when parsed by Apache SIS, reveal the content of local files on the...

6.5CVSS5.9AI score0.00582EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2025/12/04 11:12 p.m.3 views

expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...

7.5CVSS7.3AI score0.0226EPSS
Exploits1References5
Rows per page
Query Builder