Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions

...

CVE-2026-32287 Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

CVE-2026-32287

CVE-2026-32287 is an XPath Boolean expression vulnerability that can cause an infinite loop and 100% CPU usage in logicalQuery.Select. Connected advisories identify the issue across multiple packages (e.g., amazon-cloudwatch-agent, telegraf, terraform) with patched versions available (e.g., teleg...

CVE-2026-4645

Removed by vendor...

Fedora: Security Advisory for jaxen (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jaxen-1.2.0-17.fc40

Jaxen is an open source XPath library written in Java. It is adaptable to many different object models, including DOM, XOM, dom4j, and JDOM. Is it also possible to write adapters that treat non-XML trees such as compil ed Java byte code or Java beans as XML, thus enabling you to query these trees...

The vulnerability of the JXPath object processing library, related to the failure of the operation outside the buffer in memory, allows a attacker to trigger a service failure.

The vulnerability of the JXPath object processing library is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...