1178 matches found

AstraLinux
added 2025/06/16 11:28 a.m., 5 views

Astra Linux – Vulnerability in Firefox

A vulnerability was identified in Thunderbird, where XPath parsing could trigger undefined behavior due to the lack of null checks during attribute access. This could lead to out-of-bounds read access and, potentially, memory corruption. This vulnerability has been fixed in Firefox 138, Firefox E...

CVSS 4.8 | AI score 7 | EPSS 0.00256
Exploits 0 | References 3

SUSE CVE
added 2025/06/14 2:54 a.m., 2 views

SUSE CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

CVSS 8.2 | AI score 6.9 | EPSS 0.00669
Exploits 0 | References 13

RedhatCVE
added 2025/06/12 12:38 a.m., 5 views

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. Mitigation: Mitigation is either unavailable or does not meet Red Hat Product Security...

CVSS 7.5 | AI score 7.3 | EPSS 0.00475
Exploits 0 | References 3

OpenVAS
added 2025/06/12 12:00 a.m., 4 views

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2025-1671)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.6 | EPSS 0.00324
Exploits 4 | References 2

OpenVAS
added 2025/06/11 12:00 a.m., 5 views

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2025-1621)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.6 | EPSS 0.00324
Exploits 4 | References 2

Snyk
added 2025/06/11 12:00 a.m., 1 view

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference due to a null pointer dereference while processing XPath XML expressions. An attacker can cause a crash and disrupt service availability by sending specially crafted input that triggers the dereference...

CVSS 8.7 | AI score 6.9 | EPSS 0.00475
Exploits 0 | References 2

Tenable Nessus
added 2025/06/11 12:00 a.m., 3 views

EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2025-1599)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never...

CVSS 7.8 | AI score 7.1 | EPSS 0.00324
Exploits 4 | References 3

Tenable Nessus
added 2025/06/11 12:00 a.m., 2 views

EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2025-1600)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never...

CVSS 7.8 | AI score 7.1 | EPSS 0.00324
Exploits 4 | References 3

Tenable Nessus
added 2025/06/05 12:00 a.m., 10 views

RHEL 10 : firefox (RHSA-2025:7506)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:7506 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 9.1 | AI score 7.3 | EPSS 0.00517
Exploits 0 | References 12

Vulnrichment
added 2025/06/04 8:09 p.m., 11 views

CVE-2025-46341 Privilege escalation via SSRF when using HTTP auth

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the Remote-User header or the X-WebAuth-User header by making specially crafted requests via the add feed functionality an...

CVSS 7.1 | AI score 7.7 | EPSS 0.00392
Exploits 1 | References 2

Tenable Nessus
added 2025/05/29 12:00 a.m., 12 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-038 (ALASFIREFOX-2025-038)

The version of firefox installed on the remote host is prior to 128.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-038 advisory. An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE...

CVSS 9.1 | AI score 7.6 | EPSS 0.00403
Exploits 0 | References 12

OSV
added 2025/05/26 7:39 a.m., 8 views

BIT-GITLAB-2024-12093 Improper Validation of Consistency within Input in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

CVSS 6.8 | AI score 6.8 | EPSS 0.004
Exploits 1 | References 3

RedhatCVE
added 2025/05/24 3:17 p.m., 14 views

CVE-2024-12093

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

CVSS 6.8 | AI score 6.6 | EPSS 0.004
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 3:27 a.m., 8 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

CVSS 9.8 | AI score 7.5 | EPSS 0.0084
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:19 a.m., 4 views

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

CVSS 7.5 | AI score 6.7 | EPSS 0.00498
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:08 a.m., 6 views

CVE-2022-24309

A vulnerability has been identified in Mendix Runtime V7 All versions V7.23.29, Mendix Runtime V8 All versions V8.18.16, Mendix Runtime V9 All versions V9.13 only with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has an association readable by the user, then in...

CVSS 8.1 | AI score 6.6 | EPSS 0.00577
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 11:13 p.m., 10 views

CVE-2022-34812

A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

CVSS 4.3 | AI score 6.7 | EPSS 0.00454
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 11:05 p.m., 6 views

CVE-2022-34813

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

CVSS 4.3 | AI score 6.5 | EPSS 0.00553
Exploits 0 | References 1

NVD
added 2025/05/22 3:16 p.m., 11 views

CVE-2024-12093

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

CVSS 6.8 | EPSS 0.004
Exploits 1 | References 2

OSV
added 2025/05/22 3:16 p.m., 2 views

UBUNTU-CVE-2024-12093

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

CVSS 6.8 | AI score 5.7 | EPSS 0.004
Exploits 1 | References 2