Lucene search
K

18 matches found

NVD
NVD
added 2026/05/27 8:16 p.m.10 views

CVE-2026-47273

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb builds XPath expressions from user-supplied identifiers PAM username, service name and device-supplied identifiers USB device serial, model, vendor to query /etc/pamusb.conf. These identifiers...

6.5CVSS0.00273EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/23 1:35 p.m.4 views

CVE-2026-4645

...

5.8AI score0.00152EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-4645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions...

5.8AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

编号撤回

XPath is a language developed by antchfx for locating nodes within XML documents. This CVE number has been withdrawn...

5.7AI score0.00152EPSS
Exploits0References6
OSV
OSV
added 2026/03/06 6:54 a.m.6 views

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

9.3CVSS5.8AI score0.00484EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.4 views

PT-2026-2973

Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...

9.8CVSS7.3AI score0.00049EPSS
Exploits0References8
Veracode
Veracode
added 2025/11/11 8:44 a.m.9 views

XPath Injection

smolagents is vulnerable to XPath injection. The vulnerability is due to insecure XPath construction due to searchitemctrlf concatenating unsanitized user input into XPath expressions, allowing attackers to inject XPath to bypass filters, access unintended DOM nodes, or disrupt web automation...

5.4CVSS5.5AI score0.00252EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2025/10/02 1:27 p.m.5 views

CLSA-2025-1759411642 libxml2: Fix of CVE-2025-9714

CVE-2025-9714: preserve recursion depth across recursive calls to prevent stack overflow in XPath evaluation...

6.2CVSS6.5AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2025/09/10 7:15 p.m.8 views

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

6.2CVSS0.00144EPSS
Exploits0References3
CVE
CVE
added 2025/09/10 6:43 p.m.71 views

CVE-2025-9714

CVE-2025-9714 affects libxml2 up to and including 2.9.14. The vulnerability arises from uncontrolled recursion in XPath evaluation: xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset recursion depth to zero before recursion, enabling stack overflow via crafted expressions. Impact is...

6.2CVSS6.2AI score0.00144EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/14 4:28 p.m.6 views

CVE-2025-20218 Cisco Secure Firepower Management Center Software XPATH Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insufficient input validation. An attacker could...

4.9CVSS6.7AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2025/06/27 1:16 p.m.5 views

OESA-2025-1701 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5CVSS7AI score0.01067EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/05/14 1:43 a.m.3 views

firefox: thunderbird: Unsafe attribute access during XPath parsing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...

4.8CVSS7.3AI score0.00267EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2024/07/06 1:10 a.m.258 views

Exploit for Code Injection in Geoserver

CVE-2024-36401 Remote Code Execution RCE Vulnerability In...

9.8CVSS9.9AI score0.99813EPSS
Exploits25
Tenable Nessus
Tenable Nessus
added 2022/07/18 12:0 a.m.35 views

XPath Injection Authentication Bypass

XML Path Language XPath queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...

7.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.16 views

XPath Injection

XML Path Language XPath queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...

7.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/08/03 7:41 p.m.5 views

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

5CVSS5.8AI score0.07088EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2012/01/11 5:43 p.m.5 views

libxml2: double-free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

6.8CVSS7.5AI score0.02129EPSS
Exploits0References4
Rows per page
Query Builder