
61 matches found

Tenable Nessus
added 22 hours ago, 1 view

AIX : Multiple Vulnerabilities (IJ58140)

The version of AIX installed on the remote host is prior to APAR IJ58140. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58140 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

CVSS 7.5, AI score 5.8, EPSS 0.00088
Exploits 1, References 6

Snyk
added 2026/05/20 3:35 p.m., 6 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the Crawler::addXmlContent XML parsing logic. An attacker can read arbitrary local files by supplying crafted XML containing external entities, as validateOnParse re-enables DTD processing and...

CVSS 8.8, AI score 6
Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in libxmltok

In libexpat before version 2.2.8, crafted XML inputs could trick the parser into switching from DTD parsing to document parsing too early. A consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber would then lead to a heap-based buffer overflow...

CVSS 7.5, AI score 7.1, EPSS 0.00203
Exploits 1, References 2

Tenable Nessus
added 2026/04/25 12:0 a.m., 3 views

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:1596-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1596-1 advisory. - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncati...

CVSS 7.5, AI score 5.6, EPSS 0.0002
Exploits 0, References 19

Snyk
added 2026/04/21 8:38 p.m., 1 view

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the iterparse or ETCompatXMLParser functions when resolveentities is set to allow external entities. An attacker can access local files by providing crafted XML input containing external entity...

CVSS 8.7, AI score 6, EPSS 0.00044
Exploits 1, References 2

Snyk
added 2026/04/13 10:11 p.m., 1 view

Heap-based Buffer Overflow

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

CVSS 6.9, AI score 6, EPSS 0.00019
Exploits 0, References 2

IBM Security Bulletins
added 2026/03/30 9:4 a.m., 4 views

Security Bulletin: IBM Content Navigator is affected by JDOM

Summary: IBM Content Navigator is affected by CVE-2021-33813, an XML External Entity (XXE) injection vulnerability (CWE-611) in the SAXBuilder component of the JDOM library through version 2.0.6. A remote attacker could exploit this via a crafted HTTP request to cause a denial of service condition. Th...

CVSS 7.5, AI score 6.8, EPSS 0.01393
Exploits 1, Affected Software 1

EUVD
added 2026/03/26 3:30 p.m., 0 views

EUVD-2026-16181

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, SICORE Base system All versions V26.10.0. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated...

CVSS 8.7, AI score 5.7, EPSS 0.00057
Exploits 1, References 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : pcs-0.10.18-2.el8_10.2.ML.1 (AXSA:2024-8811:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8811:05 advisory. rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, and CVE-2024-41123 rexml: DoS...

CVSS 7.5, AI score 7.8, EPSS 0.01167
Exploits 0, References 4

RedhatCVE
added 2026/01/09 12:18 p.m., 4 views

CVE-2018-10585

Pexip Infinity before 18 allows remote Denial of Service XML parsing...

CVSS 7.8, AI score 7.1, EPSS 0.00682
Exploits 0, References 1

RedhatCVE
added 2026/01/09 10:5 a.m., 4 views

CVE-2019-20815

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing...

CVSS 7.5, AI score 7, EPSS 0.00035
Exploits 0, References 1

IBM Security Bulletins
added 2025/12/03 6:6 a.m., 9 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...

CVSS 8.1, AI score 7.7, EPSS 0.70761
Exploits 3, Affected Software 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 2 views

TencentOS Server 3: pki-core (TSSA-2022:0269)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0269 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5, AI score 8.2, EPSS 0.90688
Exploits 3, References 2

Rockylinux
added 2025/11/06 9:8 a.m., 3 views

expat security update

An update is available for expat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. Security Fixes: expat: libexpa...

CVSS 7.5, AI score 7, EPSS 0.00102
Exploits 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-10754

Malware in sbrugna...

CVSS 6.5, AI score 6.3, EPSS 0.00523
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-10562

Malware in sbrugna...

CVSS 6.5, AI score 6.3, EPSS 0.0068
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-12022

Malware in sbrugna...

CVSS 5.9, AI score 5.9, EPSS 0.00061
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-17407

Malware in sbrugna...

CVSS 6.5, AI score 6.3, EPSS 0.01459
Exploits 1, References 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-12510

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.6, EPSS 0.00046
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-15419

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00411
Exploits 1, References 5