Lucene search
+L

1027 matches found

nvd
nvd
added yesterday6 views

CVE-2026-57074

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

Exploits0References3
rocky
rocky
added yesterday4 views

perl-XML-LibXML security update

An update is available for perl-XML-LibXML. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...

7.5CVSS6.1AI score0.00531EPSS
Exploits0
rocky
rocky
added 2 days ago5 views

perl-XML-LibXML security update

An update is available for perl-XML-LibXML. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...

7.5CVSS6.1AI score0.00531EPSS
Exploits0
cve
cve
added 3 days ago6 views

CVE-2026-57097

CVE-2026-57097 describes an Untrusted search path in Microsoft XML that allows a physical attacker to bypass a security feature. Affects Microsoft XML; impact is described as high for confidentiality, integrity, and availability with a physical attack requiring no user interaction. No exploit det...

6.4CVSS6.1AI score0.00248EPSS
Exploits0References1
cve
cve
added last week10 views

CVE-2026-55466

CVE-2026-55466 (Snipe-IT) is a stored XSS vulnerability in the UploadFileRequest path before version 8.6.2. The sanitizer only processes SVG content when PHP finfo reports image/svg+xml, and UploadedFilesController serves attachments inline without StorageHelper::allowSafeInline(), enabling a low...

8.7CVSS6.1AI score0.00316EPSS
Exploits1References3Affected Software1
ubuntu
ubuntu
added 2026/07/09 11:51 a.m.6 views

USN-8520-1: Expat vulnerability

It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service...

7.5CVSS6AI score0.00398EPSS
Exploits0
osv
osv
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1431 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References7
osv
osv
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-724 Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...

8.8CVSS7.6AI score0.20947EPSS
Exploits1References9
euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40521

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00316EPSS
Exploits0References3
cve
cve
added 2026/06/30 7:32 p.m.17 views

CVE-2026-13449

IBM Business Automation Manager Open Editions (versions 9.0.0–9.4.2) are vulnerable to an XML External Entity (XXE) attack when processing XML data, potentially exposing sensitive information or exhausting memory. Root cause: XXE in XML processing. Impact: confidentiality and availability risks a...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.10 views

PT-2026-54276

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An improper implementation of XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS by using a crafted HTML page to inject arbitrary scripts or HTML. Recommendatio...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References447
cve
cve
added 2026/06/26 10:58 p.m.16 views

CVE-2026-55975

CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References3
osv
osv
added 2026/06/26 8:52 p.m.3 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
debiancve
debiancve
added 2026/06/25 2:30 p.m.5 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0
euvd
euvd
added 2026/06/23 12:13 p.m.10 views

EUVD-2026-38442

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS6AI score0.00233EPSS
Exploits0References2
osv
osv
added 2026/06/21 3:56 p.m.3 views

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS6AI score0.0011EPSS
Exploits0References3
github
github
added 2026/06/11 1:5 p.m.14 views

guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/11 12:42 p.m.29 views

CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

5.8CVSS0.00219EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 2:59 p.m.13 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References1
osv
osv
added 2026/06/09 2:33 p.m.6 views

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.4AI score0.00531EPSS
Exploits0References3
Rows per page
Query Builder