CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

CNNVD•added 2026/05/08 12:0 a.m.•5 views

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.5.0 to 1.10.2 had security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation or throttling, which could allow unauthenticated attackers to consume atomic tables...

8.2CVSS5.8AI score0.0003EPSS

Exploits1References1

OSV•added 2026/04/23 11:16 p.m.•2 views

ALPINE-CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

7.5CVSS5.7AI score0.00045EPSS

Exploits1References1

Debian CVE•added 2026/04/23 10:19 p.m.•4 views

CVE-2026-6732

7.5CVSS5.4AI score0.00045EPSS

Exploits1

Vulnrichment•added 2026/04/23 10:19 p.m.•7 views

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document

6.5CVSS5.5AI score0.00045EPSS

Exploits1References5

Tenable Nessus•added 2026/04/23 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes...

7.5CVSS5.5AI score0.00045EPSS

Exploits1References4

Positive Technologies•added 2026/04/04 12:0 a.m.•2 views

PT-2026-30330

Name of the Vulnerable Software and Affected Versions Directus affected versions not specified Description When GRAPHQL INTROSPECTION=false is configured, Directus blocks standard GraphQL introspection queries but the /graphql/system endpoint's server specs graphql resolver returns an equivalent...

5.3CVSS5.8AI score0.00018EPSS

Exploits0References5

Ubuntu•added 2024/01/18 6:21 p.m.•76 views

USN-6590-1: Xerces-C++ vulnerabilities

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

8.8CVSS6.9AI score0.04171EPSS

Exploits0

OSV•added 2023/04/24 9:15 p.m.•5 views

AZL-26281 CVE-2023-28484 affecting package libxml2 for versions less than 2.10.4-1

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...

6.5CVSS6.7AI score0.00403EPSS

Exploits1References1

SUSE CVE•added 2023/02/15 6:6 a.m.•3 views

SUSE CVE-2008-4482

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service stack consumption and crash via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file...

7.8CVSS6.8AI score0.01995EPSS

Exploits1References3

OSV•added 2022/05/14 1:18 a.m.•31 views

GHSA-R2XF-W5PJ-9PW8 Apache Syncope JEXL Code Injection

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...

6.5CVSS7.2AI score0.01419EPSS

Exploits1References4