Lucene search
K

563 matches found

OSV
OSV
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2857 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a poli...

6.9CVSS6.2AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 2026/07/03 6:56 a.m.5 views

ROOT-OS-DEBIAN-12-CVE-2026-41080 CVE-2026-41080 in rootio-expat - Patched by Root

Root has patched CVE-2026-41080 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...

3.7CVSS5.4AI score0.00379EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/25 8:46 p.m.7 views

GHSA-XQW9-F65G-5QXW vulnerabilities

Vulnerabilities for packages: expat...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/25 8:36 p.m.5 views

CVE-2026-56404 vulnerabilities

Vulnerabilities for packages: expat...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
OSV
OSV
added 2026/06/21 5:16 p.m.5 views

UBUNTU-CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS5.8AI score0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 4:16 p.m.5 views

ALPINE-CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2026/06/21 4:16 p.m.10 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS0.00102EPSS
Exploits0References1
NVD
NVD
added 2026/06/21 4:16 p.m.11 views

CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.5 views

UBUNTU-CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 4:16 p.m.5 views

UBUNTU-CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 4:16 p.m.6 views

UBUNTU-CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 3:58 p.m.45 views

CVE-2026-56412

In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...

5.9CVSS5.8AI score0.00105EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/21 3:56 p.m.8 views

EUVD-2026-38188

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS5.9AI score0.0011EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/21 3:55 p.m.6 views

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/21 3:52 p.m.7 views

CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5CVSS5.9AI score0.00098EPSS
Exploits0
EUVD
EUVD
added 2026/06/21 3:49 p.m.9 views

EUVD-2026-38184

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 3:48 p.m.34 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS0.00102EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/21 3:47 p.m.5 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.9AI score0.00102EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/21 3:47 p.m.5 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Rows per page
Query Builder