Lucene search
K

127 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 11:9 a.m.12 views

CVE-2026-57438

A flaw was found in Nokogiri, an XML and HTML library for the Ruby programming language. When performing XInclude substitutions, the library prematurely frees memory associated with nodes and namespaces. If an application has exposed these freed objects to Ruby, a local attacker could potentially...

6.6CVSS5.7AI score0.00093EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 4:16 p.m.11 views

CVE-2026-57438

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

6.6CVSS0.00093EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:39 p.m.31 views

CVE-2026-57438 Nokogiri: Possible Use-After-Free in XInclude Processing

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

5.9CVSS0.00093EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:39 p.m.5 views

EUVD-2026-39429

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

5.9CVSS5.9AI score0.00093EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:39 p.m.22 views

CVE-2026-57438

Nokogiri (Ruby) prior to 1.19.4 is vulnerable to a use-after-free in XInclude processing: Nokogiri::XML::Node#do_xinclude frees the xi:include node, its children, and namespaces, potentially leaving Ruby objects pointing at freed memory. This can lead to invalid memory reads/writes. The issue is ...

6.6CVSS5.9AI score0.00093EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52475

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description An issue exists in the XInclude substitution process where the do xinclude function in Nokogiri::XML::Node replaces each element in place. This process frees the include node, its children such as...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 4:37 p.m.10 views

GHSA-WFPW-MMFH-QQ69 Nokogiri: Possible Use-After-Free in XInclude Processing

Summary XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 4:37 p.m.11 views

Use After Free

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the doxinclude. An attacker can cause invalid memory reads or writes by exposing nodes or namespaces to Ruby before invoking XInclude processing. Note: This is...

7.3CVSS5.8AI score0.00093EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...

7.5CVSS6.7AI score0.01364EPSS
Exploits3References2
OSV
OSV
added 2026/05/13 8:53 a.m.11 views

CLSA-2026-1778492595 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:46 a.m.7 views

BIT-JRE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.01364EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38830

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.01364EPSS
Exploits3References8
OSV
OSV
added 2026/05/06 2:44 p.m.4 views

BIT-JAVA-MIN-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.01364EPSS
Exploits3References7
OSV
OSV
added 2026/05/06 2:44 p.m.7 views

BIT-JAVA-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.01364EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38016

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.01364EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37809

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.8AI score0.01364EPSS
Exploits3References8
RedhatCVE
RedhatCVE
added 2026/03/29 6:0 p.m.9 views

CVE-2026-4980

A vulnerability was found in Inkscape due to improper handling of XInclude elements in SVG files. The application processes xi:include directives without restricting access to local resources, allowing external file references such as file:// URIs to be included during document processing. An...

6.3CVSS5.7AI score0.00202EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted...

6.3CVSS6AI score0.00202EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/27 3:30 p.m.5 views

EUVD-2026-16659

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3
Rows per page
Query Builder