Lucene search
K

343 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 12:0 a.m.9 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

5.8AI score0.00365EPSS
Exploits0References4
Slackware Linux
Slackware Linux
added 2026/05/12 9:7 p.m.10 views

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.7.5-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: Fix quadratic runtime from attribute name collision chec...

7.5CVSS5.8AI score0.00428EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:52 p.m.9 views

CVE-2026-41895

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...

8.2CVSS5.8AI score0.00266EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.10 views

SUSE CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS5.7AI score0.00428EPSS
Exploits1References6
OSV
OSV
added 2026/05/11 10:11 a.m.5 views

OPENSUSE-SU-2026:20737-1 Security update for python-lxml

This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/10 7:16 a.m.12 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/10 7:16 a.m.4 views

UBUNTU-CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/10 6:36 a.m.59 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS0.00428EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39462

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.1 Description The computational complexity of attribute name collision checks allows a denial of service when processing moderately sized crafted XML input. Recommendations Update to version 2.8.1 or later...

7.8CVSS5.7AI score0.00428EPSS
Exploits1References58
Cvelist
Cvelist
added 2026/04/28 5:41 p.m.30 views

CVE-2026-6807 NSA GRASSMARLIN Improper Restriction of XML External Entity Reference

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...

5.5CVSS0.00197EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

7.5CVSS6AI score0.00324EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/21 11:41 a.m.7 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

9.8CVSS6AI score0.00604EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/21 11:21 a.m.13 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

9.8CVSS5.8AI score0.00604EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/21 11:21 a.m.7 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

9.8CVSS6AI score0.00604EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/20 7:23 p.m.6 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

9.8CVSS6AI score0.00604EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/20 7:23 p.m.13 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS5.7AI score0.00604EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/16 9:15 p.m.6 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

9.8CVSS6AI score0.00604EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/16 9:15 p.m.7 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS5.8AI score0.00604EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/16 12:31 p.m.6 views

EUVD-2024-55549

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

3.5CVSS5.8AI score0.00273EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.4 views

AlmaLinux 8 : perl-XML-Parser (ALSA-2026:7681)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7681 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and deni...

9.8CVSS5.9AI score0.00604EPSS
Exploits0References4
Rows per page
Query Builder