CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/11 12:0 a.m.•2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : OWSLib vulnerability (USN-8247-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8247-1 advisory. It was discovered that OWSLib did not properly disable entity resolution within its XML parser. An attacker could possibly use...

8.2CVSS6AI score0.00977EPSS

CNNVD•added 2026/05/11 12:0 a.m.•5 views

Docling 安全漏洞

Docling is an open-source multi-format document parsing and AI integration tool developed by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.parse to parse XML files without disabling entity parsin...

7.5CVSS5.8AI score0.00351EPSS

Vulnrichment•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

5.8AI score0.00351EPSS

Vulnrichment•added 2026/05/11 12:0 a.m.•6 views

CVE-2026-31248

5.8AI score0.00278EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•7 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

7.5CVSS7.3AI score0.05061EPSS

Exploits0References4

Tenable Nessus•added 2026/05/11 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-8177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name...

Tenable Nessus•added 2026/05/11 12:0 a.m.•7 views

Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017542)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017542 advisory. A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE...

7.5CVSS6.7AI score0.17611EPSS

Exploits0References4

EUVD•added 2026/05/10 9:30 p.m.•7 views

EUVD-2026-29000

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

5.8AI score0.00472EPSS

NVD•added 2026/05/10 9:16 p.m.•12 views

CVE-2026-8177

7.5CVSS0.00472EPSS

Exploits0References5

OSV•added 2026/05/10 9:16 p.m.•3 views

DEBIAN-CVE-2026-8177

Cvelist•added 2026/05/10 8:48 p.m.•33 views

Exploits0References1

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

0.00472EPSS

Vulnrichment•added 2026/05/10 8:48 p.m.•7 views

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

5.8AI score0.00472EPSS

Debian CVE•added 2026/05/10 8:48 p.m.•7 views

CVE-2026-8177

CVE•added 2026/05/10 8:48 p.m.•24 views

Exploits0

CVE-2026-8177

XML::LibXML for Perl versions up to 2.0210 parses XML node names containing truncated UTF-8 byte sequences, causing out-of-bounds reads in heap memory when a node name ends mid-multi-byte UTF-8. This can crash the Perl process and lead to denial of service. Evidence across multiple sources (NVD/S...