Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Ubuntu 25.10 / 26.04 LTS : LibreOffice vulnerability (USN-8352-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8352-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use thi...
PT-2026-41933
Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish version 8.0.0; Eclipse GlassFish versions prior to 7.1.0. Description: A critical Expression Language (EL) injection issue exists in the server-side template rendering mechanism used by the GlassFish gadget handler. The applicatio...
CVE-2026-4430
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...
SUSE CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently end up in FTS indexes. Do not use the provided...
CVE-2025-59031
Summary of CVE-2025-59031 (Dovecot) : A script provided by Dovecot for text conversion mishandles zip-style attachments. This can allow an attacker to craft OOXML documents that cause unintended files to be indexed and end up in full-text search (FTS) indexes. The underlying impact is limited to ...
CVE-2025-10990
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (`&#x...;`) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...
EulerOS Virtualization 2.13.1 : expat (EulerOS-SA-2025-2622)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted fo...
EUVD-2006-1356
Malware in sbrugna...
EUVD-2016-2932
Malware in sbrugna...
EUVD-2011-1756
Malware in sbrugna...
EUVD-2020-17905
Malware in sbrugna...
EUVD-2020-27999
Malware in sbrugna...
EUVD-2022-2692
Malicious code in bioql PyPI...
EUVD-2022-3731
Malicious code in bioql PyPI...
EUVD-2024-22993
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2008-2956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2025-1795)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an...
CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...
EulerOS 2.0 SP12 : expat (EulerOS-SA-2025-1582)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an...