CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/03 4:4 p.m.•1 views

SUSE-SU-2026:20627-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...

7.8CVSS6AI score0.00007EPSS

OSV•added 2026/03/03 4:4 p.m.•1 views

SUSE-SU-2026:20642-1 Security update for expat

7.8CVSS6AI score0.00007EPSS

OSV•added 2026/02/17 9:35 a.m.•1 views

SUSE-SU-2026:20481-1 Security update for expat

7.8CVSS7.3AI score0.00007EPSS

OSV•added 2026/02/13 4:46 p.m.•1 views

SUSE-SU-2026:20350-1 Security update for expat

7.8CVSS6AI score0.00007EPSS

OSV•added 2026/02/10 2:3 p.m.•1 views

CLSA-2026-1770732201 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515...

2.9CVSS6.8AI score0.00007EPSS

OSV•added 2026/02/10 7:11 a.m.•2 views

CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...

2.9CVSS7.2AI score0.00007EPSS

OSV•added 2026/02/09 2:44 p.m.•3 views

CLSA-2026-1770648267 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

2.9CVSS5.8AI score0.00007EPSS

OSV•added 2026/02/09 2:38 p.m.•2 views

CLSA-2026-1770647876 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

2.9CVSS7.2AI score0.00007EPSS

OSV•added 2026/02/06 3:54 p.m.•1 views

OESA-2026-1299 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data.CVE-2026-24515...

2.9CVSS5.4AI score0.00007EPSS

OSV•added 2026/01/30 12:28 p.m.•4 views

OESA-2026-1274 expat security update

2.9CVSS5.9AI score0.00007EPSS

OSV•added 2026/01/30 12:28 p.m.•3 views

OESA-2026-1272 expat security update

2.9CVSS5.9AI score0.00007EPSS

SUSE CVE•added 2026/01/24 12:24 a.m.•1 views

SUSE CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

5.5CVSS5.4AI score0.00007EPSS

Exploits0References11

OSV•added 2026/01/23 8:16 a.m.•1 views

AZL-75216 CVE-2026-24515 affecting package expat for versions less than 2.6.4-3

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS7.2AI score0.00007EPSS

OSV•added 2026/01/23 8:16 a.m.•2 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.5CVSS5.8AI score

OSV•added 2026/01/23 8:16 a.m.•1 views

ALPINE-CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.5CVSS5.1AI score0.00007EPSS

NVD•added 2026/01/23 8:16 a.m.•6 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS0.00007EPSS