
10 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-37825

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

CVSS 5.5 | AI score 6.1 | EPSS 0.00161
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/13 10:5 a.m. | 3 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00483
Exploits: 0 | References: 6

Tenable Nessus
added 2026/03/16 12:0 a.m. | 4 views

EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2026-1374)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application...

CVSS 5.5 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 2

Veracode
added 2025/11/24 4:31 a.m. | 7 views

XML External Entity (XXE)

langchain-text-splitters is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

CVSS 7.5 | AI score 7 | EPSS 0.00612
Exploits: 0 | References: 5 | Affected Software: 1

ATTACKERKB
added 2025/10/14 6:2 a.m. | 4 views

CVE-2025-11731

A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads...

CVSS 3.1 | AI score 5.8 | EPSS 0.00258
Exploits: 0 | References: 6

Github Security Blog
added 2025/10/06 6:31 p.m. | 11 views

LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing

The HTMLSectionSplitter class in langchain-text-splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSLT without any...

CVSS 7.5 | AI score 6.9 | EPSS 0.00612
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/10/06 6:15 p.m. | 9 views

CVE-2025-6985

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...

CVSS 7.5 | EPSS 0.00612
Exploits: 0 | References: 1

CVE
added 2025/10/06 5:58 p.m. | 97 views

CVE-2025-6985

The CVE-2025-6985 entry concerns LangChain Text Splitters (langchain-text-splitters) v0.3.8, with an XML External Entity (XXE) risk due to unsafe XSLT parsing. The connected docs explain that arbitrary XSLT stylesheets are parsed using lxml.etree.parse() and lxml.etree.XSLT() without hardening, a...

CVSS 7.5 | AI score 7.5 | EPSS 0.00612
Exploits: 0 | References: 1

OSV
added 2025/01/24 6:34 p.m. | 10 views

CVE-2024-52807 XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...

CVSS 8.6 | AI score 6.6 | EPSS 0.00547
Exploits: 0 | References: 5

OSV
added 2024/11/08 10:28 p.m. | 1 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 | AI score 6.9 | EPSS 0.00918
Exploits: 0 | References: 8