17 matches found

Source: Vulnrichment
Added 2026/06/11 5:04 a.m., 9 views

CVE-2026-40998 Jaxp13 XPath XXE via StreamSource and SAXSource

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted...

CVSS 8.2 | AI score 5.5 | EPSS 0.00352
Exploits 0 | References 1
Source: RedhatCVE
Added 2026/05/18 7:58 p.m., 15 views

CVE-2026-41895

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...

CVSS 8.2 | AI score 5.8 | EPSS 0.00266
Exploits 0 | References 1
Source: SUSE CVE
Added 2026/04/30 2:25 a.m., 7 views

SUSE CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS 5.9 | AI score 5.3 | EPSS 0.00324
Exploits 1 | References 8
Source: Tenable Nessus
Added 2026/02/10 12:00 a.m., 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005310 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those...

CVSS 5.3 | AI score 8 | EPSS 0.02064
Exploits 1 | References 4
Source: AlpineLinux
Added 2026/02/06 4:42 p.m., 5 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 6.5 | AI score 5.5 | EPSS 0.00176
Exploits 0 | References 1
Source: OSV
Added 2025/07/21 1:42 p.m., 1 view

USN-7658-1 drupal7 vulnerabilities

It was discovered that Drupal incorrectly parsed untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 6.9 | AI score 6 | EPSS 0.99019
Exploits 11 | References 3
Source: RedHat Linux
Added 2025/04/23 10:34 a.m., 0 views

rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>

A vulnerability was found in REXML, an XML toolkit used for Ruby. When parsing an untrusted XML with many specific characters, the REXML gem may take a long time, leading to a denial of service condition. Some of these special characters include the whitespace character, '>]', and ']>'...

CVSS 7.5 | AI score 7.3 | EPSS 0.01283
Exploits 0 | References 8
Source: Snyk
Added 2025/03/03 6:47 a.m., 1 view

Arbitrary Code Injection

Overview: org.webjars:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by...

CVSS 5.4 | AI score 7.3 | EPSS 0.00293
Exploits 1 | References 2
Source: RedHat Linux
Added 2025/02/11 1:37 p.m., 8 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.8383
Exploits 6 | References 6
Source: RedHat Linux
Added 2025/02/11 12:55 p.m., 4 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.8383
Exploits 6 | References 6
Source: OSV
Added 2025/01/30 1:45 p.m., 3 views

USN-7246-1 jquery vulnerabilities

It was discovered that jQuery incorrectly handled parsing untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 6.9 | AI score 6.8 | EPSS 0.99019
Exploits 11 | References 3
Source: BDU FSTEC
Added 2024/09/30 12:00 a.m., 8 views

The vulnerability of the Skia graphic library used by Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.

The vulnerability of the Skia graphic library in Microsoft Edge and Google Chrome exists due to a boundary error in processing untrusted HTML content. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...

CVSS 10 | AI score 7.6 | EPSS 0.00428
Exploits 0 | References 12 | Affected Software 5
Source: RedHat Linux
Added 2024/09/18 9:15 p.m., 3 views

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

CVSS 7.5 | AI score 7.3 | EPSS 0.01192
Exploits 0 | References 8
Source: OSV
Added 2024/07/16 6:15 p.m., 11 views

AZL-45435 CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...

CVSS 4.3 | AI score 6.5 | EPSS 0.01493
Exploits 0 | References 1
Source: OSV
Added 2023/08/08 2:10 p.m., 5 views

USN-6277-1 php-dompdf vulnerabilities

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...

CVSS 9.8 | AI score 7.4 | EPSS 0.04556
Exploits 2 | References 6
Source: ATTACKERKB
Added 2021/12/22 6:15 a.m., 6 views

CVE-2021-44030

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery...

CVSS 6.1 | AI score 6.4 | EPSS 0.04162
Exploits 0 | References 2
Source: Positive Technologies
Added 2021/04/30 12:00 a.m., 7 views

PT-2021-4589

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.11. Description: The issue is related to the libxml2 library's parser component, which fails to propagate errors when parsing XML content. This can be exploited by a remote attacker using a specially crafted XML...

CVSS 10 | AI score 7 | EPSS 0.51733
Exploits 23 | References 146