Lucene search
K

47 matches found

OSV
OSV
added 2026/07/02 9:47 a.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
Cvelist
Cvelist
added 2026/06/26 3:40 p.m.40 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS0.00113EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

6.4CVSS5.4AI score0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:1 p.m.15 views

CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability stems from the possibility of consuming excessive CPU resources when parsing...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/01 2:47 p.m.7 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

7.5CVSS5.8AI score0.00348EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/24 11:44 a.m.3 views

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. CVE-2026-33905: Denial of service via out-of-bounds read in -sample...

8.7CVSS5.4AI score0.0051EPSS
Exploits0References24
Snyk
Snyk
added 2026/04/13 10:11 p.m.8 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 8:46 p.m.7 views

CVE-2026-33899

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-1...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

Pachno 安全漏洞

Pachno is an open-source collaboration platform developed by Pachno. Version 1.0.6 of Pachno contains a security vulnerability, which stems from insecure XML parsing. This vulnerability could allow unverified attackers to read arbitrary files...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/26 2:16 a.m.8 views

CVE-2026-27942

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References4
OSV
OSV
added 2026/02/06 5:16 p.m.6 views

UBUNTU-CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

6.5CVSS5.7AI score0.00176EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 12:20 p.m.5 views

OESA-2025-2813 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...

5.5CVSS6.6AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.3 views

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China Mito MetInfo. A security vulnerability exists in MetInfo CMS 8.1 and prior versions, which stems from a flaw in the XML parsing logic and could lead to a server-side request forgery attack...

7.5CVSS6.7AI score0.0046EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-21244

Malware in sbrugna...

7.5CVSS7.6AI score0.01674EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.9 views

RockyLinux 9 : podman (RLSA-2025:7391)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7391 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of...

8.7CVSS7.2AI score0.00868EPSS
Exploits0References5
NVD
NVD
added 2025/09/17 6:15 p.m.6 views

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...

5.3CVSS0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.7 views

Apache HertzBeat 安全漏洞

Apache HertzBeat is a tool from Apache USA that monitors various components. A security vulnerability exists in Apache HertzBeat versions prior to 1.7.0, which stems from an XML parsing vulnerability that could lead to remote code execution...

8.8CVSS7.7AI score0.00486EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/26 11:49 a.m.6 views

SUSE CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

4.8CVSS7.1AI score0.0104EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.5 views

Lenovo Filez 代码问题漏洞

Lenovo Filez is an enterprise web drive by the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo Filez that stems from improper XML parsing, which could lead to arbitrary file reading...

5.1CVSS6.8AI score0.0012EPSS
Exploits0References3
Rows per page
Query Builder