CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/21 8:38 p.m.•1 views

GHSA-VFMQ-68HX-4JFW lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...

7.5CVSS5.8AI score0.00044EPSS

Exploits1References5

Github Security Blog•added 2026/04/21 8:38 p.m.•28 views

lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

7.5CVSS5.8AI score0.00044EPSS

Exploits1References5Affected Software1

AlpineLinux•added 2026/04/21 8:35 p.m.•2 views

CVE-2026-22016

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

7.5CVSS7.3AI score0.00154EPSS

Exploits0

RedHat Linux•added 2026/04/21 11:41 a.m.•6 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS5.7AI score0.00035EPSS

RedHat Linux•added 2026/04/21 11:41 a.m.•4 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

9.8CVSS6AI score0.00035EPSS

RedHat Linux•added 2026/04/21 11:21 a.m.•7 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

RedHat Linux•added 2026/04/21 11:21 a.m.•5 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

9.8CVSS6AI score0.00035EPSS

RedHat Linux•added 2026/04/21 10:18 a.m.•3 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

9.8CVSS5.7AI score0.00035EPSS

OSV•added 2026/04/21 10:10 a.m.•5 views

RHSA-2026:9110 Red Hat Security Advisory: perl-XML-Parser security update

Bulletin has no description...

8.8CVSS5.6AI score0.00035EPSS

Exploits0References17

Tenable Nessus•added 2026/04/21 12:0 a.m.•8 views

RHEL 10 : perl-XML-Parser (RHSA-2026:9110)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9110 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark...

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

RHEL 9 : perl-XML-Parser (RHSA-2026:9258)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9258 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

RHEL 9 : perl-XML-Parser (RHSA-2026:9246)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9246 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

Tenable Nessus•added 2026/04/21 12:0 a.m.•3 views

FreeBSD : ejabberd -- Potential DDoS in XML Parser (82064ab5-3d76-11f1-89ab-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82064ab5-3d76-11f1-89ab-901b0e9408dc advisory. ejabberd team reports: This release adds new options that limit max memory used by XML parser used to...

5.8AI score

Exploits0References2

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

RHEL 9 : perl-XML-Parser (RHSA-2026:9259)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9259 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

RedHat Linux•added 2026/04/20 7:23 p.m.•3 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

9.8CVSS6AI score0.00035EPSS

RedHat Linux•added 2026/04/20 7:23 p.m.•4 views

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS5.7AI score0.00035EPSS