343 matches found
CVE-2026-39053
Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...
[slackware-security] expat
New expat packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.7.5-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: Fix quadratic runtime from attribute name collision chec...
CVE-2026-41895
changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...
SUSE CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
OPENSUSE-SU-2026:20737-1 Security update for python-lxml
This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read bsc1263254...
CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
UBUNTU-CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
PT-2026-39462
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.1 Description The computational complexity of attribute name collision checks allows a denial of service when processing moderately sized crafted XML input. Recommendations Update to version 2.8.1 or later...
CVE-2026-6807 NSA GRASSMARLIN Improper Restriction of XML External Entity Reference
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
Linux Distros Unpatched Vulnerability : CVE-2026-41066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...
Important: Red Hat Security Advisory: perl-XML-Parser security update
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
EUVD-2024-55549
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
AlmaLinux 8 : perl-XML-Parser (ALSA-2026:7681)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7681 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and deni...