766 matches found
python3.11-lxml bug fix and enhancement update
An update is available for python3.11-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
GHSA-PW95-88FG-3J6F Langroid Allows XXE Injection via XMLToolMessage
Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...
Langroid Allows XXE Injection via XMLToolMessage
Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...
python-lxml-doc-5.3.2-1.1 on GA media (moderate)
python-lxml-doc-5.3.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14999-1 Rating: moderate Cross-References: CVE-2025-24928 CVSS scores: CVE-2025-24928 SUSE : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2025-24928 SUSE : 6.8...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...
OPENSUSE-SU-2025:14999-1 python-lxml-doc-5.3.2-1.1 on GA media
These are all security issues fixed in the python-lxml-doc-5.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2018-19787
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a...
The vulnerability of the library for processing XML and HTML markup, Lxml, is related to the use of the NULL pointer pointer. This allows a malicious actor to cause a service failure.
The vulnerability of the Lxml library for processing XML and HTML markup is related to errors in pointer manipulation involving NULL pointers. Exploiting this vulnerability could allow an attacker to cause service failures...
ROS-20250128-05
Vulnerability of the library for processing XML and HTML Lxml markup is related to pointer dereferencing errors NULL in the iterwalk function. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
XML External Entity (XXE)
Unstructured is vulnerable to XML External Entity XXE. The vulnerability is due to improper configuration while setting resolveentities=False for parsing XML with lxml in partitionxml, which allows external entities to be processed...
ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +22 more potentially affected by CVE-2024-52595 via lxml-html-clean (>=0.1.0 <=0.3.1)
lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.6.0, =0.2.0, =12.0.15, =1.0.1, =0.1.0, =0.1.0, =1.10.0, =1.19.0 and more Source cves: CVE-2024-52595 Source advisory: OSV:PYSEC-2024-160...
PYSEC-2024-160
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595
The CVE-2024-52595 issue affects lxml_html_clean (a cleaning module related to lxml.html.clean). Before version 0.4.0, the HTML Parser mishandles context-switching for tags such as , , and , causing CSS-comment content to be treated inconsistently and potentially enabling XSS in untrusted HTML sa...
CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +22 more potentially affected by CVE-2024-52595 via lxml-html-clean (>=0.1.0 <=0.3.1)
lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.6.0, =0.2.0, =12.0.15, =1.0.1, =0.1.0, =0.1.0, =1.10.0, =1.19.0 and more Source cves: CVE-2024-52595 Source advisory: OSV:GHSA-5JFW-GQ64-Q45F...
GHSA-5JFW-GQ64-Q45F HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Impact The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxmlhtmlclean but may be interpreted differently by web...
ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +22 more potentially affected by CVE-2024-52595 via lxml-html-clean (>=0.1.0 <=0.3.1)
lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.6.0, =0.2.0, =12.0.15, =1.0.1, =0.1.0, =0.1.0, =1.10.0, =1.19.0 and more Source cves: CVE-2024-52595 Source advisory: SNYK:PYTHON-LXMLHTMLCLEAN-8399905...
PT-2024-35391 · Unknown +1 · Lxml Html Clean +1
Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.0 Description: The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , , and . This behavior deviates from how web browsers parse and interpret such tags...