
4 matches found

OSV
added 2025/03/14 2:15 a.m., 2 views

AZL-58644 CVE-2025-24855 affecting package libxslt for versions less than 1.1.34-8

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVSS 7.8, AI score 6.8, EPSS 0.00087
Exploits: 1, References: 1
CNNVD
added 2024/07/01 12:0 a.m., 5 views

GeoServer Code Injection Vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code injection vulnerability exists in GeoServer that stems from insecurely resolving attribute names to XPath expressions, which could lead to remote code...

CVSS 9.8, AI score 8.2, EPSS 0.94425
Exploits: 25, References: 9
RedHat Linux
added 2015/12/07 8:46 p.m., 3 views

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

CVSS 5, AI score 5.8, EPSS 0.02016
Exploits: 0, References: 5
OSV
added 2011/08/29 3:55 p.m., 1 views

DEBIAN-CVE-2011-2821

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...

CVSS 7.5, AI score 7.4, EPSS 0.01915
Exploits: 0, References: 1