Lucene search
K

766 matches found

Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.6 views

python3.11-lxml bug fix and enhancement update

An update is available for python3.11-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

6.8AI score
Exploits0
OSV
OSV
added 2025/05/05 8:40 p.m.8 views

GHSA-PW95-88FG-3J6F Langroid Allows XXE Injection via XMLToolMessage

Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...

8.8CVSS6.5AI score0.00545EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/05/05 8:40 p.m.17 views

Langroid Allows XXE Injection via XMLToolMessage

Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...

9.1CVSS6.8AI score0.00545EPSS
Exploits1References5Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2025/04/16 12:0 a.m.6 views

python-lxml-doc-5.3.2-1.1 on GA media (moderate)

python-lxml-doc-5.3.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14999-1 Rating: moderate Cross-References: CVE-2025-24928 CVSS scores: CVE-2025-24928 SUSE : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2025-24928 SUSE : 6.8...

6.8CVSS7.3AI score0.00375EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:20 a.m.76 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...

9.8CVSS9.5AI score0.07269EPSS
Exploits5Affected Software1
OSV
OSV
added 2025/04/15 12:0 a.m.11 views

OPENSUSE-SU-2025:14999-1 python-lxml-doc-5.3.2-1.1 on GA media

These are all security issues fixed in the python-lxml-doc-5.3.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.8CVSS6.9AI score0.00375EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2018-19787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a...

6.1CVSS6.7AI score0.02438EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/02/03 12:0 a.m.6 views

The vulnerability of the library for processing XML and HTML markup, Lxml, is related to the use of the NULL pointer pointer. This allows a malicious actor to cause a service failure.

The vulnerability of the Lxml library for processing XML and HTML markup is related to errors in pointer manipulation involving NULL pointers. Exploiting this vulnerability could allow an attacker to cause service failures...

7.8CVSS6.2AI score0.02462EPSS
Exploits1References9Affected Software6
Redos
Redos
added 2025/01/28 12:0 a.m.151 views

ROS-20250128-05

Vulnerability of the library for processing XML and HTML Lxml markup is related to pointer dereferencing errors NULL in the iterwalk function. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...

7.5CVSS6.7AI score0.02462EPSS
Exploits1
Veracode
Veracode
added 2024/12/19 2:43 p.m.10 views

XML External Entity (XXE)

Unstructured is vulnerable to XML External Entity XXE. The vulnerability is due to improper configuration while setting resolveentities=False for parsing XML with lxml in partitionxml, which allows external entities to be processed...

9.8CVSS6.7AI score0.00545EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2024/11/19 10:15 p.m.5 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +22 more potentially affected by CVE-2024-52595 via lxml-html-clean (>=0.1.0 <=0.3.1)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.6.0, =0.2.0, =12.0.15, =1.0.1, =0.1.0, =0.1.0, =1.10.0, =1.19.0 and more Source cves: CVE-2024-52595 Source advisory: OSV:PYSEC-2024-160...

7.7CVSS5.7AI score0.00472EPSS
Exploits0
OSV
OSV
added 2024/11/19 10:15 p.m.10 views

PYSEC-2024-160

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

6.1CVSS7AI score0.00472EPSS
Exploits0References3
OSV
OSV
added 2024/11/19 9:27 p.m.9 views

CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7CVSS5.6AI score0.00472EPSS
Exploits0References5
CVE
CVE
added 2024/11/19 9:27 p.m.90 views

CVE-2024-52595

The CVE-2024-52595 issue affects lxml_html_clean (a cleaning module related to lxml.html.clean). Before version 0.4.0, the HTML Parser mishandles context-switching for tags such as , , and , causing CSS-comment content to be treated inconsistently and potentially enabling XSS in untrusted HTML sa...

7.7CVSS6.3AI score0.00472EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2024/11/19 9:27 p.m.11 views

CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7CVSS5.2AI score0.00472EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/19 9:27 p.m.14 views

CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7CVSS5.9AI score0.00472EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/11/19 9:7 p.m.5 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +22 more potentially affected by CVE-2024-52595 via lxml-html-clean (>=0.1.0 <=0.3.1)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.6.0, =0.2.0, =12.0.15, =1.0.1, =0.1.0, =0.1.0, =1.10.0, =1.19.0 and more Source cves: CVE-2024-52595 Source advisory: OSV:GHSA-5JFW-GQ64-Q45F...

7.7CVSS5.7AI score0.00472EPSS
Exploits0
OSV
OSV
added 2024/11/19 9:7 p.m.16 views

GHSA-5JFW-GQ64-Q45F HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

Impact The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxmlhtmlclean but may be interpreted differently by web...

7.7CVSS6.2AI score0.00472EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/11/19 9:7 p.m.6 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +22 more potentially affected by CVE-2024-52595 via lxml-html-clean (>=0.1.0 <=0.3.1)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.6.0, =0.2.0, =12.0.15, =1.0.1, =0.1.0, =0.1.0, =1.10.0, =1.19.0 and more Source cves: CVE-2024-52595 Source advisory: SNYK:PYTHON-LXMLHTMLCLEAN-8399905...

7.7CVSS5.7AI score0.00472EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.4 views

PT-2024-35391 · Unknown +1 · Lxml Html Clean +1

Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.0 Description: The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7CVSS6AI score0.00472EPSS
Exploits0References17
Rows per page
Query Builder