957 matches found
UBUNTU-CVE-2026-32777
libexpat before 2.7.5 allows an infinite loop while parsing DTD content...
CVE-2026-32777
A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition DTD content. This could lead to an infinite loop during parsing, resulting in a Denial of Service DoS for the application using libexpat...
CVE-2026-32777
libexpat before 2.7.5 allows an infinite loop while parsing DTD content...
CVE-2026-32777
libexpat before 2.7.5 allows an infinite loop while parsing DTD content...
CVE-2026-32777
libexpat before 2.7.5 allows an infinite loop while parsing DTD content...
CVE-2026-32777
libexpat before 2.7.5 allows an infinite loop while parsing DTD content...
Linux Distros Unpatched Vulnerability : CVE-2026-32777
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 Note that Nessus relies on the presence of the package as reported by th...
📄 fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions DTD, specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
OSV-2026-190 Security exception in com.ctc.wstx.util.TextBuffer.buildResultArray
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=480987597 Crash type: Security exception Crash state: com.ctc.wstx.util.TextBuffer.buildResultArray com.ctc.wstx.util.TextBuffer.contentsAsArray com.ctc.wstx.dtd.FullDTDReader.parseEntityValue...
Astra Linux – Vulnerability in libxml2
In libxml2 versions before 2.12.10 and 2.13.x before 2.13.6, there is a stack-based buffer overflow in the xmlSnprintfElements function in the valid.c file. To exploit this vulnerability, DTD validation must be performed for untrusted documents or untrusted DTDs. NOTE: This vulnerability is simil...
📄 libxml2 2.9.14 Remote Code Execution
libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...
MiracleLinux 7 : xerces-c-3.1.1-10.el7 (AXSA:2020-4490:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4490:01 advisory. xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs CVE-2018-1311 Tenable has extracted the preceding...
MiracleLinux 7 : xerces-c-3.1.1-9.el7 (AXSA:2019-3675:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3675:01 advisory. xerces-c: Stack overflow when parsing deeply nested DTD CVE-2016-4463 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 4 : libxml2-2.7.6-17.1.0.1.AXS4 (AXSA:2014-724:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-724:04 advisory. Description : This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includ...
VulnCheck KEV: CVE-2017-17762
XML external entity XXE vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs60 (SUSE-SU-2026:0044-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0044-1 advisory. - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart bsc123003...
Bio-Formats has an XML External Entity (XXE) vulnerability
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
CVE-2025-68280
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
PT-2026-1285
Name of the Vulnerable Software and Affected Versions Apache SIS versions 0.4 through 1.5 Description An improper restriction of XML external entity reference issue exists in Apache SIS. An attacker can craft XML files that, when parsed by Apache SIS, reveal the content of local files on the...
expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...