Lucene search
+L

2735 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-57074 XML::Bare versions through 0.53 for Perl have an unbounded character lookahead

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-13401 XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...

0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44964

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...

6.1AI score0.00186EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago9 views

perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names

A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and...

7.5CVSS6AI score0.00629EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/06 3:10 p.m.7 views

[SECURITY] Fedora 43 Update: mingw-expat-2.8.2-1.fc43

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

6.9CVSS6AI score0.00218EPSS
Exploits0
Fedora
Fedora
added 2026/07/06 2:55 p.m.9 views

[SECURITY] Fedora 44 Update: mingw-expat-2.8.2-1.fc44

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

6.9CVSS6AI score0.00218EPSS
Exploits0
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-718 NULL Pointer Dereference in OpenCV.

An issue was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.1.26. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...

7.5CVSS6AI score0.0337EPSS
Exploits1References7
OSV
OSV
added 2026/06/30 7:39 a.m.10 views

ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:39 a.m.7 views

ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

5.9CVSS5.8AI score0.00449EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:39 a.m.11 views

ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

6.1CVSS5.8AI score0.00238EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:39 a.m.6 views

ROOT-APP-NPM-CVE-2026-33036 CVE-2026-33036 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33036 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00576EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:39 a.m.11 views

ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

9.3CVSS5.3AI score0.00445EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:39 a.m.24 views

ROOT-APP-NPM-CVE-2026-26278 CVE-2026-26278 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-26278 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS5.5AI score0.00811EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:12 p.m.9 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.12 views

CVE-2026-44020

A flaw was found in docling. An attacker could exploit an XML External Entity XXE vulnerability in the USPTO patent XML parser by crafting malicious XML files. This could allow the attacker to read arbitrary files from the server's filesystem, perform Server-Side Request Forgery SSRF attacks, or...

9.4CVSS5.9AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 6:17 p.m.16 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 5:45 p.m.6 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS6.1AI score0.00334EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38784

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 11:53 a.m.13 views

Security Bulletin: Security Vulnerabilities were found in IBM Security Verify Directory (CVE-2018-2799)

Summary Security Vulnerabilities were addressed in IBM Security Verify Directory Vulnerability Details CVEID:CVE-2018-2799 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171,...

5.3CVSS6.3AI score0.15141EPSS
Exploits0Affected Software1
Rows per page
Query Builder