NeuroLog: Reasoning You Can Audit -- Neuro-Symbolic Vulnerability Discovery Via LLM Facts, Datalog, and SMT
Vulnerability discovery on C/C++ source asks the analyst to choose between heavyweight static analysers, which need a working build before a single query runs, and free-form LLMs, which read source readily but invent details and lose track of cross-function dataflow on real codebases. We present...
CVE-2026-7263
A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...
Security Bulletin: Vulnerabilities in libxml2 (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992) affect AIX
Summary: Vulnerabilities in libxml2 could cause a denial of service (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details: CVEID: CVE-2026-6732. DESCRIPTION: A flaw was found in libxml2. This vulnerability occurs when the library...
TencentOS Server 3: libxml2 (TSSA-2025:1013)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:1013 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: libxml2 (TSSA-2026:0348)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0348 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
new packages: libxml2
An update is available for libxml2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...
Astra Linux - vulnerability in libxml2
There is a flaw in libxml2 in versions before 2.9.11. An attacker who can submit a crafted file for processing by an application that uses libxml2 can trigger a use-after-free vulnerability. The most significant impact of this flaw is related to confidentiality, integrity, and availability...
Astra Linux - vulnerability in libxml2
A flaw was identified in the RelaxNG parser of libxml2 regarding how external schema inclusions are handled. The parser does not enforce a limit on the inclusion depth when resolving nested directives. Specifically crafted or overly complex schemas can cause excessive recursion during parsing. Th...
Astra Linux - vulnerability in libxml2
Possible cross-site scripting vulnerability in libxml after commit 960f0e2...
Astra Linux - vulnerability in libxml2
The vulnerability of the xmlStringGetNodeList function in the tree.c component of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in libxml2
There is a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who can submit a crafted file for processing by xmllint could trigger a use-after-free. The most significant impact of this flaw is on confidentiality, integrity, and availability...
Astra Linux - vulnerability in libxml2
A flaw was discovered in the libxml2 library. This vulnerability arises from uncontrolled resource consumption when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this vulnerability by providing malicious catalogs,...
Astra Linux - vulnerability in libxml2
The vulnerability of the xmlFAParseCharClassEsc function in the xmlregexp.c component of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in libxml2
The vulnerability of the xmlFAParseQuantExact function in the xmlregexp.c component of the Libxml2 library is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in libxml2
The vulnerability of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in libxml2
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier, as well as other products, does not provide a direct flag indicating that the current document may be read, but other files may not be opened. This makes it easier for remote attackers to carry out XML External Entity (XXE) attacks...
Astra Linux - vulnerability in libxml2
The vulnerability of the xmlBuildRelativeURI function in the uri.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to cause service failures remotely...
Astra Linux - vulnerability in libxml2
The vulnerability of the xmlParseAttValueComplex function in the parser.c component of the Libxml2 library is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in libxml2
A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...
Astra Linux - vulnerability in libxml2
There is a flaw in the XML entity encoding functionality of libxml2 in versions prior to 2.9.11. An attacker who can provide a crafted file for processing by an application that utilizes the affected functionality of libxml2 may trigger an out-of-bounds read. The most likely impact of this flaw i...