BIT-JRE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

BIT-JAVA-MIN-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

Astra Linux - уязвимость в libxml2

Uncontrolled recursion occurs during XPath evaluation in libxml2, including in versions up to and including 2.9.14. This allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset t...

DEBIAN-CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

TencentOS Server 4: libxslt (TSSA-2025:0588)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0588 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2018-14404)

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVE-2025-9714 Stack overflow in libxml2

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

SUSE CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

Linux Distros Unpatched Vulnerability : CVE-2025-24855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is...

EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2025-1600)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never...

SUSE CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

ALPINE-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the...

Null pointer vulnerability in libxml2 'xpath.c:xmlXPathCompOpEval()' function

Libxml2 is the GNOME project team developed a C-based language used to parse XML documents library , which supports a variety of encoding formats , Xpath parsing , Well-formed and valid validation and so on. A security vulnerability exists in the 'xpath.c:xmlXPathCompOpEval' function in libxml2...

Directory Traversal Through XML External Entity (XXE)

wiremock is vulnerable to directory traversal through XML External Entity XXE attacks. The application does not disable DTD during XPATH Evaluation, allowing a malicious user to traverse the directory...

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

ActiveMQ: XXE via XPath expression evaluation

It was discovered that Apache ActiveMQ performed XML External Entity XXE expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible ...

ActiveMQ: XXE via XPath expression evaluation

It was discovered that Apache ActiveMQ performed XML External Entity XXE expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible ...