144 matches found

Debian CVE
added 4 days ago | 3 views

CVE-2026-54901

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

CVSS 6.3 | AI score 5.7 | EPSS 0.00253
Exploits: 0
Tenable Nessus
added 2026/06/06 12:0 a.m. | 6 views

EulerOS Virtualization 2.12.0 : libxml2 (EulerOS-SA-2026-2106)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveU...

CVSS 6.2 | AI score 5.8 | EPSS 0.00755
Exploits: 3 | References: 5
SUSE CVE
added 2026/06/05 3:7 a.m. | 18 views

SUSE CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS 5.9 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 3
Vulnrichment
added 2026/06/03 12:0 a.m. | 8 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

AI score 5.8 | EPSS 0.00228
Exploits: 1 | References: 1
OSV
added 2026/05/03 9:57 a.m. | 5 views

OESA-2026-2187 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

CVSS 5.1 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 3
FreeBSD
added 2026/04/21 12:0 a.m. | 8 views

libXpm -- Out-of-bounds read in xpmNextWord()

The X.Org project reports: libXpm uses a number of internal helper functions to parse the XPM file format. One of these internal functions, xpmNextString, checks for the NULL terminator when looking for the end of the current string but not when looking for the beginning of the next string. A sma...

CVSS 5.5 | AI score 5.3 | EPSS 0.00129
Exploits: 0 | References: 1
RedHat Linux
added 2026/04/20 7:23 p.m. | 7 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

CVSS 9.8 | AI score 5.9 | EPSS 0.00548
Exploits: 0 | References: 7
OSV
added 2026/04/13 9:2 a.m. | 12 views

CLSA-2026-1776070934 grafana: Fix of CVE-2026-25679

rebuild with golang 1.25.7-els2 which fixes the following CVEs - CVE-2026-25679: fix insufficient validation of host/authority in net/url.Parse...

CVSS 7.5 | AI score 5.8 | EPSS 0.00728
Exploits: 0 | References: 1
OSV
added 2026/03/03 3:16 p.m. | 7 views

CVE-2026-22891

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

CVSS 9.8 | AI score 6.2
Exploits: 0 | References: 2
OSV
added 2026/02/05 6:16 p.m. | 8 views

AZL-76799 CVE-2025-58190 affecting package cri-o 1.30.1-1

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-76842 CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 7.3 | EPSS 0.00502
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/20 6:50 p.m. | 4 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

CVSS 6.5 | AI score 6.5 | EPSS 0.00505
Exploits: 0 | References: 5
UbuntuCve
added 2026/01/15 3:15 p.m. | 7 views

CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

CVSS 5.9 | AI score 5.9 | EPSS 0.00755
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 9 : libxml2-2.9.13-11.el9_6 (AXSA:2025-10680:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10680:11 advisory. libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425). Tenable has extracted the preceding description block directl...

CVSS 7.8 | AI score 6.4 | EPSS 0.00339
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-3018

Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: An uncontrolled recursion issue exists in libxml2, an XML parsing library, specifically within the xmlCatalogXMLResolveURI function. This occurs when an XML catalog includes a delegate URI...

CVSS 5.9 | AI score 5.9 | EPSS 0.00755
Exploits: 4 | References: 81
OSV
added 2025/12/29 11:15 p.m. | 4 views

AZL-73316 CVE-2025-15284 affecting package js-jquery 3.5.0-4

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary: The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

CVSS 6.3 | AI score 6.1 | EPSS 0.0041
Exploits: 1 | References: 1
Fedora
added 2025/12/21 12:52 a.m. | 11 views

[SECURITY] Fedora 42 Update: uriparser-1.0.0-1.fc42

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

CVSS 2.9 | AI score 7 | EPSS 0.0012
Exploits: 0
RedHat Linux
added 2025/12/02 2:22 p.m. | 6 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

CVSS 7.5 | AI score 7.1 | EPSS 0.19433
Exploits: 2 | References: 5
RedHat Linux
added 2025/12/01 10:0 a.m. | 13 views

haproxy: denial of service vulnerability in HAProxy mjson library

A flaw was found in haproxy. A stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the jsonquery or jwtpayloadquery function...

CVSS 7.5 | AI score 5.7 | EPSS 0.00469
Exploits: 0 | References: 4
OSV
added 2025/11/28 9:14 a.m. | 9 views

RLSA-2025:22175 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...

CVSS 5.3 | AI score 6.8 | EPSS 0.01279
Exploits: 1 | References: 2