Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-060 (ALASFIREFOX-2026-060)

The version of firefox installed on the remote host is prior to 140.10.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-060 advisory. In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of...

CVE-2025-46726

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes th...

PT-2025-19789 · Lxml +1 · Lxml +1

Name of the Vulnerable Software and Affected Versions: Langroid versions prior to 0.53.4 Description: A LLM application leveraging the XMLToolMessage class may be exposed to untrusted XML input, potentially resulting in Denial of Service DoS and/or exposing local files with sensitive information...

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. When it is possible for a user is able to submit XML files to the application delivery, the vulnerability could potentially be exploited to execute shell commands under application privileges. Only applications using the default blacklist functionality,...