Lucene search
K

1189 matches found

Snyk
Snyk
added 2026/04/10 8:59 p.m.2 views

XML Entity Expansion

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to XML Entity Expansion when parsing XMP metadata. An attacker can cause excessive memory consumption with excessive DOCTYPE entity...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/07 1:8 p.m.8 views

XML Entity Expansion

fast-xml-parser is vulnerable to XML Entity Expansion. The vulnerability is due to missing enforcement of entity expansion limits for numeric and standard XML entities, which allows an attacker to supply crafted XML with excessive entity references to trigger high memory and CPU consumption leadi...

7.5CVSS5.9AI score0.00576EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/26 7:26 a.m.5 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.63 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

7.5CVSS6.7AI score0.02006EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 9:49 p.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.1.2 Vulnerability Details CVEID:CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no...

8.7CVSS7AI score0.02591EPSS
Exploits7Affected Software1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.19 views

esaml 安全漏洞

esaml is a library developed by Australian developer Lexi Wilson for handling SAML authentication. It provides functions for SAML service providers and identity providers. esaml has a security vulnerability, which stems from the undisabled XML entity extensions. This vulnerability may lead to XML...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass...

7.5CVSS5.7AI score0.00811EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/03/19 5:49 p.m.11 views

SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials

Summary SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG output. This could allow Cross-Site Scripting XSS when applications pass untrusted input to createAvatar and serve the resulting SVG inline or...

4.7CVSS5.8AI score0.00181EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2026/03/19 7:41 a.m.8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.58 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

7.5CVSS6.6AI score0.02006EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/17 5:38 p.m.10 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services before 4.6.20 shipped with IBM Cloud Pak for Business Automation iFixes for January 2026.

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation January 2026 security fixes update this dependency to 4.6.20 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...

9.1CVSS7.1AI score0.03992EPSS
Exploits5Affected Software2
RedhatCVE
RedhatCVE
added 2026/03/13 4:39 p.m.7 views

CVE-2026-29074

A flaw was found in SVGO, an SVG Scalable Vector Graphics Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node....

7.5CVSS5.7AI score0.00612EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/03/11 5:1 a.m.10 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.18.35 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

7.5CVSS6.7AI score0.02006EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.10 views

SVGO 安全漏洞

SVGO is an open-source SVG file optimization tool. Versions of SVGO prior to 2.1.0, 2.8.1, 3.0.0, 3.3.3, and 4.0.1 have security vulnerabilities due to insufficient protection against entity expansion when processing XML custom entities, which may lead to denial-of-service attacks...

7.5CVSS7.1AI score0.00612EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/04 10:59 p.m.2 views

XML Entity Expansion (Billion Laughs)

Overview Affected versions of this package are vulnerable to XML Entity Expansion Billion Laughs when parsing of custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...

8.7CVSS5.8AI score0.00612EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/04 10:59 p.m.15 views

SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)

Summary SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file 811 bytes stalling the application and even crashing the Node.js process with JavaScript heap out of memory. Details The upstream XML parser sax doesn't interpr...

7.5CVSS6AI score0.00612EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/04 10:59 p.m.8 views

XML Entity Expansion (Billion Laughs)

Overview Affected versions of this package are vulnerable to XML Entity Expansion Billion Laughs when parsing of custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...

8.7CVSS5.8AI score0.00612EPSS
Exploits1References2
OSV
OSV
added 2026/02/17 9:30 p.m.2 views

GHSA-JMR7-XGP7-CMFJ fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)

Summary The XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Details There is a check in DocTypeReader.js that trie...

7.5CVSS6.1AI score0.00811EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/17 7:28 a.m.18 views

CVE-2026-2536

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...

6.5CVSS5.3AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7979

CVE-2026-26041 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2026-26041 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/09 2:45 p.m.12 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-65637 DESCRIPTION: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger th...

8.9CVSS5.7AI score0.03992EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-25128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0...

7.5CVSS5.6AI score0.00559EPSS
Exploits1References2
Rows per page
Query Builder