338 matches found

OSV
added 3 days ago | 5 views

ASB-A-463980379

In png_init_read_transformations of pngrtran.c, there is a possible way to cause a persistent denial of service due to a heap buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.1 | AI score 6.2 | EPSS 0.00014
Exploits: 2 | References: 1
Positive Technologies
added 2026/05/08 12:0 a.m. | 8 views

PT-2026-38869

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

CVSS 7.5 | AI score 5.7 | EPSS 0.00374
Exploits: 0 | References: 15
Positive Technologies
added 2026/05/08 12:0 a.m. | 9 views

PT-2026-38870

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8 | AI score 5.8 | EPSS 0.00192
Exploits: 1 | References: 41
CVE
added 2026/05/07 10:22 a.m. | 10 views

CVE-2026-33587

CVE-2026-33587 affects Open Notebook v1.8.3 and is due to lack of user input sanitisation enabling Server-Side Template Injection (SSTI). This allows an application user to run Python code within the server context and, consequently, execute OS commands inside the Docker container for user-create...

CVSS 10 | AI score 6 | EPSS 0.00101
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/05/06 12:0 a.m. | 3 views

PT-2026-37849

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8 | AI score 6.7 | EPSS 0.00192
Exploits: 1 | References: 41
Positive Technologies
added 2026/05/06 12:0 a.m. | 3 views

PT-2026-38056

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8 | AI score 6.7 | EPSS 0.00192
Exploits: 1 | References: 41
OSV
added 2026/05/05 9:5 p.m. | 1 view

USN-8220-1 htmlunit vulnerability

It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use this issue to execute arbitrary code in the context of the application using HtmlUnit...

CVSS 9.8 | AI score 7.8 | EPSS 0.05143
Exploits: 1 | References: 2
SUSE CVE
added 2026/02/04 12:41 a.m. | 2 views

SUSE CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults, which enables...

CVSS 9.2 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 3
EUVD
added 2026/01/30 8:11 p.m. | 2 views

EUVD-2025-29509

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults, which enables...

CVSS 9.2 | AI score 6.2 | EPSS 0.00178
Exploits: 0 | References: 7
CVE
added 2026/01/30 8:11 p.m. | 34 views

CVE-2025-24293

CVE-2025-24293 affects Rails with Active Storage using image_processing/mini_magick; unsafe allowed transformation methods enable potential command injection when untrusted input reaches blob.variant, per multiple sources. Impact reported as high/critical (CVSS 4.0 base 9.2). Remediation in vario...

CVSS 9.2 | AI score 6.2 | EPSS 0.00178
Exploits: 0 | References: 1
Packet Storm News
added 2026/01/30 12:0 a.m. | 2 views

Semantics-Preserving Evasion of LLM Vulnerability Detectors

LLM-based vulnerability detectors are increasingly deployed in security-critical code review, yet their resilience to evasion under behavior-preserving edits remains poorly understood. We evaluate detection-time integrity under a semantics-preserving threat model by instantiating diverse...

AI score 5.5
Exploits: 0
OSV
added 2026/01/20 8:40 p.m. | 3 views

CLSA-2026-1768911013 libpng: Fix of CVE-2025-64720

CVE-2025-64720: fix buffer overflow in png_init_read_transformations function during palette compositing with optimized alpha...

CVSS 7.1 | AI score 6.6 | EPSS 0.00079
Exploits: 4 | References: 1
Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.452.b09-2.el8 (AXSA:2025-9868:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9868:07 advisory. JDK: Better TLS connection support (CVE-2025-21587); JDK: Improve compiler transformations (CVE-2025-30691); JDK: Enhance Buffered Image handling...

CVSS 7.4 | AI score 6.5 | EPSS 0.00182
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/08 12:0 a.m. | 3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : Libxslt vulnerability (USN-7945-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7945-1 advisory. Ivan Fratric discovered that Libxslt was vulnerable to type confusion when performing XML...

CVSS 7.5 | AI score 7.8 | EPSS 0.00374
Exploits: 0 | References: 2
Ubuntu
added 2026/01/07 1:6 p.m. | 9 views

USN-7945-1: Libxslt vulnerability

Ivan Fratric discovered that Libxslt was vulnerable to type confusion when performing XML transformations. An attacker could possibly use this issue to cause Libxslt to crash or corrupt memory, causing a denial of service or undefined behavior...

CVSS 7.5 | AI score 6.5 | EPSS 0.00374
Exploits: 0
OSV
added 2026/01/07 1:6 p.m. | 1 view

USN-7945-1 libxslt vulnerability

Ivan Fratric discovered that Libxslt was vulnerable to type confusion when performing XML transformations. An attacker could possibly use this issue to cause Libxslt to crash or corrupt memory, causing a denial of service or undefined behavior...

CVSS 7.5 | AI score 6.6 | EPSS 0.00374
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/12 12:0 a.m. | 3 views

EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2025-2365)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion...

CVSS 7.5 | AI score 7.5 | EPSS 0.00374
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/12 12:0 a.m. | 3 views

EulerOS 2.0 SP10 : libxslt (EulerOS-SA-2025-2422)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion...

CVSS 7.5 | AI score 7.5 | EPSS 0.00374
Exploits: 0 | References: 2
Packet Storm News
added 2025/11/11 12:0 a.m. | 2 views

Automated Hardware Trojan Insertion in Industrial-Scale Designs

Industrial Systems-on-Chips (SoCs) often comprise hundreds of thousands to millions of nets and millions to tens of millions of connectivity edges, making empirical evaluation of hardware-Trojan (HT) detectors on realistic designs both necessary and difficult. Public benchmarks remain significantly...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/10/24 12:0 a.m. | 5 views

EulerOS 2.0 SP13 : libxslt (EulerOS-SA-2025-2270)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion...

CVSS 7.5 | AI score 7.5 | EPSS 0.00374
Exploits: 0 | References: 2