Lucene search
K

2165 matches found

Fedora
Fedora
added 2026/07/06 2:55 p.m.8 views

[SECURITY] Fedora 44 Update: mingw-expat-2.8.2-1.fc44

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

6.9CVSS6AI score0.00218EPSS
Exploits0
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56364

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory an...

1.9CVSS0.00123EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:2 p.m.6 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS5.8AI score0.00373EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

7.1CVSS0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 3:40 p.m.29 views

CVE-2026-44018

CVE-2026-44018 affects Docling’s METS-GBS backend. From versions 2.45.0 through 2.91.0, XML parsing and input document format detection lacked security controls, enabling crafted METS-GBS archives to read sensitive files, exhaust resources, or crash the application. The issue is fixed in 2.91.0. ...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 3:40 p.m.2 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS6AI score0.00113EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLED15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:2580-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2580-1 advisory. This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues ...

7.5CVSS6.1AI score0.01849EPSS
Exploits4References88
NVD
NVD
added 2026/06/25 10:17 p.m.10 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 9:12 p.m.27 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 3:16 p.m.7 views

UBUNTU-CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52593

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the ContentTypeUtil.isParsableXml function, which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. Th...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 1:25 p.m.2 views

SUSE-SU-2026:2580-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. -...

7.5CVSS6.1AI score0.01849EPSS
Exploits4References59
RedHat Linux
RedHat Linux
added 2026/06/22 3:59 a.m.25 views

Low: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability...

7.5CVSS6.1AI score0.02298EPSS
Exploits1References2
NVD
NVD
added 2026/06/21 8:16 p.m.13 views

CVE-2026-12805

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

7.5CVSS0.00279EPSS
Exploits0References8
CVE
CVE
added 2026/06/21 7:15 p.m.27 views

CVE-2026-12805

The vulnerability CVE-2026-12805 affects OFFIS DCMTK up to 3.7.0, specifically the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc. A heap-based buffer overflow can be triggered remotely via manipulation. An exploit has been published and may be used. The patch is tracked by commit 1d4b3815c...

7.5CVSS6.5AI score0.00279EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/21 7:15 p.m.24 views

CVE-2026-12805 OFFIS DCMTK ofxml.cc parseFile heap-based overflow

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

7.5CVSS0.00279EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/19 3:0 a.m.11 views

EUVD-2026-37977

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.6AI score0.00107EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 8:16 p.m.17 views

CVE-2026-48981

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pamusb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references XXE, potentially making outbound network connections or...

6.7CVSS0.00115EPSS
Exploits0References2
Rows per page
Query Builder