CVE-2026-45771

FreeSWITCH (before version 1.11.0) is vulnerable to a Denial-of-Service via its bundled XML parser, which expands nested declarations without a bound, allowing an unauthenticated attacker to drive unbounded CPU/memory usage by sending a crafted SIP PUBLISH PIDF body. The issue arises because the...

Security update for cockpit

This update for cockpit fixes the following issues CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user bsc1256521. CVE-2026-4802: remote command execution via unsanitized...

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity...

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

CVE-2026-31248

CVE-2026-31248 affects Docling's METS GBS backend up to version 2.61.0. The backend parses XML from .tar.gz archives using etree.fromstring() without disabling entity resolution, enabling XML Entity Expansion (XXE) via nested entity definitions (XML Bomb). Processing such a crafted XML can cause ...

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

svgo: SVGO: Denial of Service via XML entity expansion

A flaw was found in SVGO, an SVG Scalable Vector Graphics Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node....

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:13512)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13512 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

EUVD-2018-21802

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVE-2018-25282 Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

XML Entity Expansion

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to XML Entity Expansion when parsing XMP metadata. An attacker can cause excessive memory consumption with excessive DOCTYPE entity...

Linux Distros Unpatched Vulnerability : CVE-2026-33036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.58 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services before 4.6.20 shipped with IBM Cloud Pak for Business Automation iFixes for January 2026.

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation January 2026 security fixes update this dependency to 4.6.20 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...

CVE-2026-29074

A flaw was found in SVGO, an SVG Scalable Vector Graphics Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node....

XML Entity Expansion (Billion Laughs)

Overview Affected versions of this package are vulnerable to XML Entity Expansion Billion Laughs when parsing of custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...

XML Entity Expansion (Billion Laughs)

Overview Affected versions of this package are vulnerable to XML Entity Expansion Billion Laughs when parsing of custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...