PT-2026-38869

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

libxslt: Processing web content may disclose sensitive information

A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling...

SUSE SLED15: libxslt-devel / libxslt-devel-32bit / libxslt-tools / libxslt1 / etc (SUSE-SU-2026:0801-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0801-1 advisory. - CVE-2025-10911: use-after-free will be fixed on libxml2 side instead bsc1250553. Tenable has extracted...

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

TencentOS Server 3: libxslt (TSSA-2022:0062)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0062 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2025-2394)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : libxml2 vulnerability (USN-7852-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7852-1 advisory. It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash,...

CVE-2025-11731

A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads...

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2025-2204)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-20998

Malicious code in bioql PyPI...

Important: libxml2

Issue Overview: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the...

Linux Distros Unpatched Vulnerability : CVE-2025-7424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML...

macOS 15.x < 15.6 Multiple Vulnerabilities (124149)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.6. It is, therefore, affected by multiple vulnerabilities: - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could...

macOS 14.x < 14.7.7 Multiple Vulnerabilities (124150)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.7. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion durin...

SUSE CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...