14 matches found

OSV
added 2026/05/04 7:5 a.m., 4 views

CLSA-2026-1777878328 libxml2: Fix of 2 CVEs

- CVE-2018-14404: fix NULL pointer dereference in xmlXPathCompOpEval when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case
- CVE-2019-19956: fix memory leak in xmlParseBalancedChunkMemoryRecover related to newDoc->oldNs...

CVSS 7.5, AI score 6.8, EPSS 0.20012
Exploits 0, References 1
OSV
added 2026/02/17 9:51 a.m., 1 views

SUSE-SU-2026:20574-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues:
- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. bsc1257841
- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Pat...

CVSS 9.8, AI score 6, EPSS 0.00107
Exploits 1, References 7
Cvelist
added 2026/02/09 5:0 a.m., 31 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

CVSS 9.8, EPSS 0.00107
Exploits 0, References 4
Positive Technologies
added 2026/02/09 12:0 a.m., 4 views

PT-2026-7066

Name of the Vulnerable Software and Affected Versions: jsonpath, affected versions not specified. Description: The package jsonpath is susceptible to Arbitrary Code Injection due to unsafe evaluation of user-supplied JSON Path expressions. The library utilizes the static-eval module to process JSON...

CVSS 9.8, AI score 5.9, EPSS 0.00107
Exploits 0, References 102
Tenable Nessus
added 2025/11/14 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: libxslt (UTSA-2025-990908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990908 advisory. Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

CVSS 6.2, AI score 5, EPSS 0.00012
Exploits 0, References 4
Debian CVE
added 2025/09/10 6:43 p.m., 5 views

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

CVSS 6.2, AI score 5.3, EPSS 0.00012
Exploits 0
CNNVD
added 2025/09/10 12:0 a.m., 1 views

libxml2 Security Vulnerability

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.9.14 and earlier, which stems from an uncontrolled recursion in XPath evaluation that could lead ...

CVSS 6.2, AI score 4.6, EPSS 0.00012
Exploits 0, References 1
F5 Networks
added 2025/08/11 12:58 a.m., 7 views

K000152944: libxslt vulnerability CVE-2025-24855, CVE-2024-55549

Security Advisory Description. CVE-2025-24855: numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and...

CVSS 7.8, AI score 8.2, EPSS 0.00104
Exploits 4, Affected Software 1
OSV
added 2025/07/11 12:18 p.m., 2 views

OESA-2025-1769 libxml2 security update

This library allows manipulating XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 9.1, AI score 6.9, EPSS 0.01777
Exploits 0, References 4
SUSE CVE
added 2023/02/15 5:1 a.m., 1 views

SUSE CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

CVSS 8.8, AI score 9.5, EPSS 0.01417
Exploits 0, References 6
Positive Technologies
added 2022/07/29 12:0 a.m., 3 views

PT-2025-37090

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.15 Description: An uncontrolled recursion issue in XPath evaluation within libxml2 allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval,...

CVSS 6.2, AI score 6.8, EPSS 0.00066
Exploits 0, References 47
OSV
added 2016/09/11 10:59 a.m., 0 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

CVSS 8.8, AI score 7.4, EPSS 0.01417
Exploits 0, References 12
OSV
added 2016/09/02 12:0 a.m., 0 views

UBUNTU-CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database aka IndexedDB API implementation that does not properly restrict key-path evaluation, which allows remote...

CVSS 8.8, AI score 7.4, EPSS 0.01417
Exploits 0, References 4
CNVD
added 2015/04/09 12:0 a.m., 2 views

Apple iOS Backup System Restricted File Access Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A problem in the Apple iOS local system relative path evaluation logic allows an attacker to access restricted file contents using a backup system...

CVSS 2.1, AI score 6.3, EPSS 0.00051
Exploits 0, References 1