2735 matches found
CVE-2026-57074 XML::Bare versions through 0.53 for Perl have an unbounded character lookahead
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...
CVE-2026-13401 XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes
XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...
EUVD-2026-44964
XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...
perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names
A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and...
[SECURITY] Fedora 43 Update: mingw-expat-2.8.2-1.fc43
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
[SECURITY] Fedora 44 Update: mingw-expat-2.8.2-1.fc44
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
PYSEC-2026-718 NULL Pointer Dereference in OpenCV.
An issue was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.1.26. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...
ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33036 CVE-2026-33036 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-33036 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-26278 CVE-2026-26278 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-26278 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
CVE-2026-12975
A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...
CVE-2026-44020
A flaw was found in docling. An attacker could exploit an XML External Entity XXE vulnerability in the USPTO patent XML parser by crafting malicious XML files. This could allow the attacker to read arbitrary files from the server's filesystem, perform Server-Side Request Forgery SSRF attacks, or...
CVE-2026-44020
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...
CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...
CVE-2026-57303
Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...
EUVD-2026-38784
Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...
Security Bulletin: Security Vulnerabilities were found in IBM Security Verify Directory (CVE-2018-2799)
Summary Security Vulnerabilities were addressed in IBM Security Verify Directory Vulnerability Details CVEID:CVE-2018-2799 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171,...