CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

OSV•added 2026/06/05 10:55 a.m.•5 views

BIT-PYTHON-MIN-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

7.5CVSS5.8AI score0.0079EPSS

Exploits0References10

OSV•added 2026/06/05 10:47 a.m.•5 views

BIT-LIBPYTHON-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

7.5CVSS5.8AI score0.0079EPSS

Exploits0References10

RedhatCVE•added 2026/06/02 11:42 p.m.•8 views

CVE-2026-7210

A flaw was found in the python and expat components. Insufficient entropy in the hash-flooding protection mechanism of xml.parsers.expat and xml.etree.ElementTree allows a remote attacker to craft a malicious XML document. This crafted document can trigger a hash flooding attack, leading to a...

7.5CVSS5.7AI score0.0079EPSS

Exploits0References6

OSV•added 2026/05/11 6:16 p.m.•2 views

DEBIAN-CVE-2026-7210

7.5CVSS5.8AI score0.0079EPSS

Exploits0References1

UbuntuCve•added 2026/05/11 6:16 p.m.•11 views

CVE-2026-7210

9.8CVSS5.8AI score0.0079EPSS

Exploits0References1

Vulnrichment•added 2026/05/11 5:19 p.m.•5 views

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

6.3CVSS5.2AI score0.0079EPSS

Exploits0References7

CVE•added 2026/05/11 5:19 p.m.•98 views

CVE-2026-7210

CVE-2026-7210 affects Python XML parsers: xml.parsers.expat and xml.etree.ElementTree suffer from insufficient entropy in Expat hash-flooding protection, allowing a crafted XML to trigger flooding. Mitigation requires updating libexpat to 2.8.0+ and applying the accompanying patch. Connected note...

7.5CVSS5.8AI score0.0079EPSS

Exploits0References9Affected Software1

Cvelist•added 2026/05/11 5:19 p.m.•57 views

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

6.3CVSS0.0079EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2018-6545

Malware in sbrugna...

7.5CVSS6.7AI score0.10911EPSS

Exploits0References26

Gitee•added 2025/09/06 5:5 p.m.•259 views

defusedxml

This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the standard library's xml.etree.ElementTree module, which is vulnerable to XML bombs. The defusedxml library defuses XML bombs by preventing...

7.1AI score

Exploits0

SUSE CVE•added 2023/02/15 4:25 a.m.•3 views

SUSE CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

5.3CVSS8.6AI score0.10911EPSS

Exploits0References29

OSV•added 2022/11/15 12:0 a.m.•28 views

ALSA-2022:8226 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS7.7AI score0.01972EPSS

Exploits1References4

AlmaLinux•added 2022/11/15 12:0 a.m.•58 views

Moderate: python-lxml security update

7.5CVSS7.6AI score0.01972EPSS

Exploits1References4

Fedora•added 2022/09/24 12:16 a.m.•47 views

[SECURITY] Fedora 37 Update: python-lxml-4.9.1-1.fc37

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more...

7.5CVSS6.7AI score0.01972EPSS

Exploits1

OpenVAS•added 2022/09/24 12:0 a.m.•13 views

Fedora: Security Advisory for python-lxml (FEDORA-2022-ed17f59c1d)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.8AI score0.01972EPSS

Exploits1References2

OpenVAS•added 2022/09/19 12:0 a.m.•12 views

Fedora: Security Advisory for python-lxml (FEDORA-2022-ed0eeb6a20)

7.5CVSS7.8AI score0.01972EPSS

Exploits1References2

Fedora•added 2022/09/18 1:16 a.m.•36 views

[SECURITY] Fedora 36 Update: python-lxml-4.7.1-3.fc36

7.5CVSS6.7AI score0.01972EPSS

Exploits1

Exploit DB•added 2022/06/03 12:0 a.m.•243 views

Telesquare SDT-CW3B1 1.1.0 - OS Command Injection

!/usr/bin/python3 Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Date: 24th May 2022 Exploit Author: Bryan Leong Vendor Homepage: http://telesquare.co.kr/ CVE : CVE-2021-46422 Authentication Required: No import requests import argparse import sys from xml.etree import ElementTre...

10CVSS9.6AI score0.9475EPSS

Exploits20

OSV•added 2022/05/10 8:8 a.m.•31 views

ALSA-2022:1932 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 For more details about the security issues, including the impact, ...

8.2CVSS7.7AI score0.02456EPSS

Exploits0References2

OpenVAS•added 2022/01/23 12:0 a.m.•17 views

Fedora: Security Advisory for python-lxml (FEDORA-2022-7129fbaeed)

8.2CVSS7.3AI score0.02456EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by