CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...

5.9CVSS5.8AI score0.00105EPSS

Exploits0References1Affected Software1

EUVD•added 3 days ago•5 views

EUVD-2026-38188

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS5.9AI score0.00111EPSS

Exploits0References1

Debian CVE•added 3 days ago•4 views

CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5CVSS5.9AI score0.00099EPSS

Exploits0

EUVD•added 3 days ago•6 views

EUVD-2026-38184

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.9AI score0.00102EPSS

Exploits0References1

Cvelist•added 3 days ago•29 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS0.00102EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•4 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.9AI score0.00102EPSS

Exploits0References2

Debian CVE•added 3 days ago•4 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.9AI score0.00102EPSS

Exploits0

CVE•added 3 days ago•13 views

CVE-2026-56404

CVE-2026-56404 affects libexpat before 2.8.2, where an integer overflow occurs in addBinding. This is the only detail provided; no exploitation or remediation information is included in the supplied documents.

6.9CVSS5.9AI score0.00102EPSS

Exploits0References1Affected Software1

Debian CVE•added 3 days ago•4 views

CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS5.9AI score0.00102EPSS

Exploits0

Tenable Nessus•added 3 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-56405

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in getAttributeId. CVE-2026-56405 Note that Nessus relies on the presence of the package as reported by the vendor...

6.9CVSS5.9AI score0.00102EPSS

Exploits0References4

AstraLinux•added 5 days ago•7 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

The addBinding method in xmlparse.c within Expat also known as libexpat has an integer overflow issue before version 2.4.3...

9.8CVSS8AI score0.04829EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, and Expat

Expat also known as libexpat prior to version 2.4.4 has a signed integer overflow issue in XMLGetBuffer, especially for configurations where XMLCONTEXTBYTES is non-zero...

9.8CVSS8.2AI score0.04651EPSS

Exploits0References2

EUVD•added 5 days ago•9 views

EUVD-2026-37977

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.6AI score0.00088EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by