
171 matches found

EUVD
added 2026/06/21 3:58 p.m., 10 views

EUVD-2026-38189

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 1
AlpineLinux
added 2026/06/21 3:58 p.m., 5 views

CVE-2026-56412

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00105
Exploits: 0
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in WebKit2GTK

This issue has been addressed through improved enforcement of iframe sandboxing policies. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, and iPadOS 14.4. Maliciously crafted web content may violate...

CVSS: 6.5, AI score: 7, EPSS: 0.01515
Exploits: 0, References: 1
NVD
added 2026/06/19 6:17 a.m., 10 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

CVSS: 4.9, EPSS: 0.00102
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/19 2:56 a.m., 6 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

CVSS: 4.9, AI score: 5.3, EPSS: 0.00102
Exploits: 0, References: 2
Cvelist
added 2026/06/19 2:56 a.m., 34 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

CVSS: 4.9, EPSS: 0.00102
Exploits: 0, References: 1
CVE
added 2026/06/19 2:56 a.m., 40 views

CVE-2026-56131

CVE-2026-56131 affects libexpat prior to 2.8.2, where handler call depth tracking is missing for XML_ResumeParser calls made from within handlers during a policy violation. This leads to a use-after-free condition as described (similar to CVE-2026-50219). The Connected documents identify the affe...

CVSS: 4.9, AI score: 5.3, EPSS: 0.00102
Exploits: 0, References: 1, Affected Software: 1
AlpineLinux
added 2026/06/19 2:56 a.m., 5 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00102
Exploits: 0
Positive Technologies
added 2026/06/19 12:0 a.m., 14 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.8.2. Description: An issue exists where the software lacks handler call depth tracking for calls to the XML_ResumeParser function when called from within handlers during a policy violation. This can lead to a...

CVSS: 4.9, AI score: 5.7, EPSS: 0.00102
Exploits: 0, References: 8
RedhatCVE
added 2026/06/08 6:18 a.m., 14 views

CVE-2026-50219

A flaw was found in libexpat. This vulnerability occurs because the library, in versions before 2.8.2, does not properly track handler call depth when certain XML parsing functions are invoked from within handlers during a policy violation. This oversight can lead to a use-after-free condition,...

CVSS: 5.9, AI score: 5.6, EPSS: 0.00218
Exploits: 0, References: 4
SUSE CVE
added 2026/06/05 3:7 a.m., 17 views

SUSE CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 3
OSV
added 2026/06/04 6:16 a.m., 4 views

ALPINE-CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 1
EUVD
added 2026/06/04 4:20 a.m., 13 views

EUVD-2026-34206

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 1
CVE
added 2026/06/04 4:20 a.m., 123 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation, causing a use-after-free. Affected: libexpat prior to 2.8.2. Impact is described as a MEDIUM-seve...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 1, Affected Software: 1
Debian CVE
added 2026/06/04 4:20 a.m., 10 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0
Vulnrichment
added 2026/06/04 4:20 a.m., 9 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/04 4:20 a.m., 6 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 2
NVD
added 2026/03/29 6:16 p.m., 5 views

CVE-2026-0558

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

CVSS: 9.8, EPSS: 0.0043
Exploits: 1, References: 2
Cvelist
added 2026/03/29 5:53 p.m., 20 views

CVE-2026-0558 Unauthenticated File Upload in parisneo/lollms

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

CVSS: 7.5, EPSS: 0.0043
Exploits: 1, References: 2
Hacker One
added 2026/01/17 3:4 a.m., 16 views

AWS VDP: Password Reuse Vulnerability on AWS Sign-in Page via Password Reset Flow leads to Security Policy Violation

Asset URL: ██████ Summary: The AWS sign-in page allows users to reuse old passwords when resetting their password, which violates security best practices outlined in OWASP Authentication Cheat Sheet and NIST 800-63B Digital Identity Guidelines. This misconfiguration could potentially weaken accou...

AI score: 5.6
Exploits: 0