Lucene search
K

674 matches found

Nuclei
Nuclei
added 4 days ago14 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7.4AI score0.79807EPSS
Exploits5References2
Cvelist
Cvelist
added 2026/06/24 5:45 p.m.30 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:45 p.m.46 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

9.4CVSS6AI score0.00334EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-71319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

8.7CVSS6.2AI score0.00625EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/22 2:55 p.m.5 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: – Fixed a refcount leak in bcm4908partitionsfwoffset. The function offindnodebypath returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add the...

5.5CVSS5.3AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mtd: parsers: qcom: Fixed the issue where pparts was not freed after cleanup. The Mtdpart function does not free pparts when a cleanup function is declared. Added a check to ensure pparts is freed after cleanup, to fix the lea...

5.5CVSS5AI score0.00225EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 5:3 a.m.6 views

Incorrect Synchronization

Overview Affected versions of this package are vulnerable to Incorrect Synchronization in the doProlog function in xmlparse.c due to improper handling of scaffold backing array reallocation when data structures are shared across multiple parsers. An attacker can achieve arbitrary code execution o...

7.5CVSS6.6AI score0.00088EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:0 a.m.7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.5AI score0.00088EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 3:0 a.m.38 views

CVE-2026-56132

CVE-2026-56132 affects libexpat prior to 2.8.2, where a heap-based buffer overflow occurs in doProlog within xmlparse.c due to mishandled reallocation of the scaffold backing array when data-structure sharing occurs across parsers. The CVSS metrics indicate a high impact on confidentiality and in...

6.9CVSS5.6AI score0.00088EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/19 3:0 a.m.34 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS0.00088EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-50832

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description A heap-based buffer overflow occurs in the doProlog function within xmlparse.c. This issue arises because the reallocation of the scaffold backing array is mishandled when data-structure sharing is...

6.9CVSS6.1AI score0.00088EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/17 7:59 p.m.6 views

CVE-2026-54388

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.6AI score0.00439EPSS
Exploits0
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2025-210151

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.3AI score0.00202EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.11 views

CVE-2025-71329

A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...

8.7CVSS5.6AI score0.0043EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.29 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49278

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A stack overflow occurs in the gf opus read length function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing a specially crafted MP4 file...

5.5CVSS5.9AI score0.00202EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49569

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The parse options header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/10 1:4 p.m.10 views

EUVD-2025-210106

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3
CVE
CVE
added 2026/06/10 1:4 p.m.56 views

CVE-2025-71329

The CVE-2025-71329 vulnerability affects image-size up to version 2.0.2 and is triggered by a crafted image buffer containing a zero-valued size field in a recognized box-type, causing an infinite loop in the JXL or HEIF parsers and permanently blocking the Node.js event loop (DoS). Impact is den...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder