CVE-2022-50807

...

Astra Linux – Vulnerability in libxml2

Uncontrolled recursion occurs during XPath evaluation in libxml2, including in versions up to and including 2.9.14. This allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset t...

MiracleLinux 8 : firefox-128.10.0-1.el8_10.ML.1 (AXSA:2025-9933:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9933:13 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

MiracleLinux 8 : thunderbird-128.10.0-1.el8_10.ML.1 (AXSA:2025-9937:11)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9937:11 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

PT-2026-2364

Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3 Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract...

MiracleLinux 7 : libxslt-1.1.28-6.0.2.el7.AXS7 (AXSA:2025-9856:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9856:03 advisory. CVE-2025-24855: fix use-after-free issue in numbers.c by restoring XPath context node in nested XPath evaluations CVEs: CVE-2025-24855 numbers.c in libxslt...

CVE-2024-2645

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is...

CVE-2024-2648

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...

PT-2026-27134

Name of the Vulnerable Software and Affected Versions github.com/antchfx/xpath affected versions not specified Description A flaw exists in the github.com/antchfx/xpath component that allows a remote attacker to cause a Denial of Service DoS condition. This is achieved by submitting crafted Boole...

Unity Linux 20.1070e Security Update: libxml2 (UTSA-2025-993313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993313 advisory. Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libxml2 (UTSA-2025-991295)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991295 advisory. Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

EUVD-2025-201297

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

CVE-2025-1545

CVE-2025-1545 is a WatchGuard Fireware OS XPath Injection affecting Firebox with at least one authentication hotspot configured. The issue allows remote, unauthenticated retrieval of configuration data via an exposed authentication/management web interface. Affected versions: 11.11–11.12.4+541730...

CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

PT-2025-49165

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.11 through 11.12.4+541730 WatchGuard Fireware OS versions 12.0 through 12.11.4 WatchGuard Fireware OS versions 12.5 through 12.5.13 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A remote...