Lucene search
K

38 matches found

CVE
CVE
added 2026/03/16 6:54 a.m.44 views

CVE-2026-32776

libexpat prior to 2.7.5 contains a NULL pointer dereference in the handling of empty external parameter entity content during XML parsing. Affected component: expat XML parser in versions before 2.7.5. Root cause: NULL pointer dereference inside external parameter entity processing. Impact per CV...

5.5CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 6:54 a.m.5 views

CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...

4CVSS5.8AI score0.00144EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 6:54 a.m.5 views

CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...

4CVSS5.8AI score0.00144EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/16 6:54 a.m.1 views

CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...

5.5CVSS5.8AI score0.00144EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

libexpat 代码问题漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.5 had code vulnerabilities; these vulnerabilities stemmed from allowing null pointer dereferencing when handling empty external parameter entity content...

5.5CVSS7.2AI score0.00144EPSS
Exploits0References3
Talos
Talos
added 2026/01/20 12:0 a.m.9 views

MedDream PACS Premium existingUser reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2257 MedDream PACS Premium existingUser reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54778 SUMMARY A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium...

6.1CVSS5.7AI score0.00235EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-25630

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.5 Description The software contains a flaw where a NULL pointer dereference can occur when processing empty external parameter entity content. Recommendations Update to version 2.7.5 or later...

5.5CVSS5.9AI score0.00216EPSS
Exploits1References72
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.8 views

SUSE CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...

4.3CVSS6.8AI score0.081EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2015/03/31 5:0 p.m.7 views

RESTEasy: XXE via parameter entities

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...

7.5CVSS7.4AI score0.04572EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

RESTEasy: XXE via parameter entities

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...

7.5CVSS7.4AI score0.04572EPSS
Exploits0References4
OSV
OSV
added 2014/12/26 5:4 p.m.9 views

MGASA-2014-0547 Updated resteasy package fix CVE-2014-3490

Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...

7.5CVSS6.2AI score0.04572EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/10/16 11:12 p.m.5 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/16 11:2 p.m.5 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/15 3:3 a.m.7 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/15 2:9 a.m.6 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/09/24 4:53 p.m.5 views

RESTEasy: XXE via parameter entities

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...

7.5CVSS7.4AI score0.04572EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/11 5:5 p.m.5 views

RESTEasy: XXE via parameter entities

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...

7.5CVSS7.4AI score0.04572EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/08/07 12:0 a.m.39 views

CentOS 7 : resteasy-base (CESA-2014:1011)

Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7.9AI score0.04572EPSS
Exploits0References2
Rows per page
Query Builder