2080 matches found
VulnCheck KEV: CVE-2026-7473
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
Security Advisory 0137
Security Advisory 0137 PDF Date: May 5, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 5, 2026 | Initial release 1.1 | May 7, 2026 | Clarified 7280R3, 7500R3 and 7800R3 exposure is limited 1.2 | May 13, 2026 | Updated Mitigation section with a note of caution 1.3 | May 20, 2026 | Updated...
PT-2026-46983
Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms running Arista EOS with tunnel decapsulation configurations—such as VXLAN Virtual Extensible LAN, decap-groups, or GRE Generic Routing Encapsulation tunnel interfaces—the swit...
CVE-2026-42231
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability in the BIOS, where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Successful exploitation of this vulnerability could lead to possible information disclosure or escalation of privileges, thereby affecting...
Astra Linux – Vulnerability in netcdf
A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmldecode, when parsing a crafted XML file, performs incorrect memory handling, resulting in a NULL pointer being dereferenced while running strlen on a NULL pointer...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: EFI: Fixed NULL dereference in the init error path. In cases where runtime services are not supported or have been disabled, the runtime services’ workqueue will never be allocated. Do not attempt to destroy the workqueue...
PT-2026-36482
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...
CVE-2026-6807
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
Security update for strongswan
This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...
firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...
Juniper Junos OS Vulnerability (JSA75734)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75734 advisory. - An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows a network-based,...
CVE-2018-25282 Nmap 7.70 Denial of Service via XML Entity Expansion
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...
PT-2026-35252
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...
CVE-2026-41066
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...
UBUNTU-CVE-2026-41066
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...
EUVD-2026-25572
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...
CVE-2026-41066
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...
SUSE CVE-2008-5091
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service application crash via vectors involving an "invalid extensibleMatch filter."...
XML Injection
Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the createProcessingInstruction function. An attacker can inject arbitrary XML nodes into the serialized output...