21 matches found
CVE-2026-25681
A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...
CVE-2026-42506
A flaw was found in golang.org/x/net/html. When parsing arbitrary HTML that is subsequently rendered, an unexpected HTML tree can be generated. A remote attacker could leverage this vulnerability to execute Cross-Site Scripting XSS attacks in applications that attempt to sanitize input HTML befor...
SUSE CVE-2026-42506
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
UBUNTU-CVE-2026-27136
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
EUVD-2026-31452
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
Security update for python36
This update for python36 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete contro...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2006-10003
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...
AZL-76872 CVE-2025-47911 affecting package helm for versions less than 3.14.2-10
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2025-47911
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
PT-2026-3019
Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description An issue exists in the libxml2 library related to uncontrolled resource consumption. The problem occurs when processing XML catalogs containing repeated elements that point to the same...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
AZL-45435 CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix...
CVE-2024-34393
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop...
The vulnerability of the CreateLabelOrAttrib function in the XML data compression tool Xmill allows a hacker to execute arbitrary code.
The vulnerability of the CreateLabelOrAttrib function in the XML data compression tool Xmill is related to a memory boundary error during XML file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
SUSE CVE-2018-16428
In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference...
SUSE CVE-2021-31347
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing outside a memory region created by mmap...
Inductive Automation Ignition 代码问题漏洞
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface and more. A code issue vulnerability exists in Inductive Automation Ignition...
PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have...