Security update for python-lxml (moderate)

openSUSE security update: security update for python-lxml ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20737-1 Rating: moderate References: bsc1263254 Cross-References: CVE-2026-41066 CVSS scores: CVE-2026-41066 SUSE : 5.9...

CVE-2026-41895

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...

OPENSUSE-SU-2026:20737-1 Security update for python-lxml

This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read bsc1263254...

Linux Distros Unpatched Vulnerability : CVE-2026-41066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

Medium: javapackages-bootstrap

Issue Overview: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method...

Linux Distros Unpatched Vulnerability : CVE-2026-24400

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External...

CVE-2026-24400

AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...

EUVD-2025-13410

Malicious code in bioql PyPI...

CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

rexml: DoS vulnerability in REXML

An uncontrolled resource consumption vulnerability was found in REXML. When parsing an untrusted XML with many specific characters such as , it can lead to a denial of service...

XML External Entity (XXE) Injection

simplesamlphp is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of untrusted XML input, which allows attackers to exploit maliciously crafted XML documents, such as SAMLResponse, to access sensitive information or perform other malicious activities...

MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity XXE, leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...

CVE-2022-37189

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity XXE, leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...