CVE-2026-7310

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...

fast-xml-parser 安全漏洞

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML documents without relying on C/C++-based libraries or callbacks. A security vulnerability exists in the version 1.1.5 of fast-xml-parser. This vulnerabilit...

Open Cascade OCCT 代码问题漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A code issue vulnerability exists in Open Cascade OCCT version V800rc5, which stems from a flaw in the VrmlDataIndexedFaceSet::TShape function in the VRML V2.0 parser, as malformed VRML inputs...

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

OESA-2026-1882 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

OPENSUSE-SU-2026:10527-1 perl-XML-Parser-2.570.0-1.1 on GA media

These are all security issues fixed in the perl-XML-Parser-2.570.0-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE-SU-2026:20993-1 Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...

EUVD-2006-7234

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

UBUNTU-CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

CLSA-2026-1770734656 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

OESA-2026-1296 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the MSL parser when processing a tag before any image is loaded. An attacker can cause a crash and denial of service by submitting a specially crafted MSL file that triggers a NULL pointer dereference during...

EUVD-2026-1407

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2...

Allure Report 代码问题漏洞

Allure Report is a flexible, lightweight, multi-language test reporting tool from the Allure Framework open source. A code issue vulnerability exists in Allure Report 2 versions prior to 2.34.1, which stems from xunit-xml-plugin not securely configuring the XML parser, which could lead to XXE...

OESA-2024-1233 xerces-c security update

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

SUSE CVE-2013-2298

Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler...

expat: Integer overflow in defineAttribute in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...