Lucene search
K

746 matches found

Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38404

Name of the Vulnerable Software and Affected Versions css parser versions prior to 1.22.0 css parser versions prior to 2.1.0 Description The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle MITM attacker to inject or modify CSS content. This...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/06 6:27 p.m.14 views

Nokogiri XSLT transform has a memory leak

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/06 2:45 p.m.8 views

BIT-JAVA-MIN-2025-7425 Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.7AI score0.00339EPSS
Exploits1References44
OSV
OSV
added 2026/05/06 2:45 p.m.9 views

BIT-JAVA-MIN-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

7.5CVSS6.7AI score0.012EPSS
Exploits0References14
OSV
OSV
added 2026/05/06 2:45 p.m.10 views

BIT-JAVA-2025-7425 Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.7AI score0.00339EPSS
Exploits1References44
OSV
OSV
added 2026/05/06 2:45 p.m.6 views

BIT-JAVA-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

7.5CVSS5.8AI score0.012EPSS
Exploits0References14
OSV
OSV
added 2026/05/06 2:45 p.m.7 views

BIT-JAVA-MIN-2025-10911 Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6AI score0.00161EPSS
Exploits0References17
OSV
OSV
added 2026/05/06 2:45 p.m.6 views

BIT-JAVA-MIN-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

7.8CVSS7.1AI score0.00324EPSS
Exploits3References3
OSV
OSV
added 2026/05/06 2:45 p.m.4 views

BIT-JAVA-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

7.8CVSS7.1AI score0.00324EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38055

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

7.5CVSS6.7AI score0.012EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37848

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

7.5CVSS6.7AI score0.012EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38056

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.7AI score0.00339EPSS
Exploits1References41
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37959

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References26
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37825

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References7
OSV
OSV
added 2026/05/05 9:5 p.m.6 views

USN-8220-1 htmlunit vulnerability

It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use this issue to execute arbitrary code in the context of the application using HtmlUnit...

9.8CVSS7.8AI score0.02378EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.10 views

Fedora 44 : emacs (2026-49b8ca7981)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-49b8ca7981 advisory. Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. Tenable has extracted the preceding description block directly from the Fedora...

7.1CVSS5.8AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 9:0 p.m.18 views

Missing Release of Memory after Effective Lifetime

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the XSLT::Stylesheettransform function, when a string parameter containing a null byte is processed, preventing...

8.2CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/04/21 5:16 p.m.6 views

CVE-2026-26067

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

4.9CVSS0.00246EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/21 4:43 p.m.10 views

October CMS has Safe Mode Bypass via CSS Preprocessor Compilers

A server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the compiler's import functionality to read arbitrary files from the server. This worked even...

4.9CVSS5.8AI score0.00246EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/15 11:4 p.m.5 views

CVE-2026-6300

An use after free flaw was found in the CSS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491994185...

8.8CVSS5.7AI score0.00341EPSS
Exploits0References5
Rows per page
Query Builder