cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

EUVD-2026-25825

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

MiracleLinux 8 : dotnet9.0-9.0.116-1.el8_10 (AXSA:2026-500:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-500:08 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203...

PT-2026-35401

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Linux Distros Unpatched Vulnerability : CVE-2026-41066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

RHEL 8 : python3.12 (RHSA-2026:10950)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10950 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

EUVD-2018-21802

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVE-2018-25282 Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVE-2018-25282

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

Nmap 安全漏洞

Nmap is an open-source tool for network discovery and security scanning developed by Nmap. Version 7.70 of Nmap contains a security vulnerability. This vulnerability arises from handling malicious XML files containing exponentially growing entity extensions, which can lead to a denial-of-service...

OESA-2026-2011 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

[SECURITY] Fedora 44 Update: qt6-qtsvg-6.10.3-1.fc44

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...

[SECURITY] Fedora 44 Update: qt6-qtbase-6.10.3-1.fc44

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...