
1178 matches found

Debian CVE
added 2025/03/14 12:0 a.m., 5 views

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVSS 7.8, AI score 7.6, EPSS 0.00324
Exploits: 1

CVE
added 2025/03/14 12:0 a.m., 231 views

CVE-2025-24855

CVE-2025-24855 affects libxslt, specifically numbers.c, where a use-after-free can occur during nested XPath evaluations if the XPath context node is modified but not restored. The issue is documented as a Use-After-Free in numbers.c and is connected to related code paths xsltNumberFormatGetValue...

CVSS 7.8, AI score 7.6, EPSS 0.00324
Exploits: 1, References: 2, Affected Software: 1

AlpineLinux
added 2025/03/14 12:0 a.m., 8 views

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVSS 7.8, AI score 7.7, EPSS 0.00324
Exploits: 1

FreeBSD
added 2025/03/13 12:0 a.m., 17 views

libxslt -- multiple vulnerabilities

CVE-2024-55549: Fix UAF related to excluded namespaces. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2025-24855: Fix use-after-free of XPath context node. numbers.c in libxslt before 1.1.43 has a use-after-free because, in...

CVSS 7.8, AI score 7.3, EPSS 0.00324
Exploits: 4, References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2011-1944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause ...

CVSS 9.3, AI score 7.4, EPSS 0.13727
Exploits: 1, References: 2

Github Security Blog
added 2025/02/05 3:32 p.m., 22 views

GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

Summary: Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Details: The following methods pass XPath expressions to the commons-jxpath library which can execute arbitrary code and would be a security iss...

CVSS 9.8, AI score 7.9, EPSS 0.74908
Exploits: 1, References: 18, Affected Software: 3

OSV
added 2025/02/05 3:32 p.m., 16 views

GHSA-W3PJ-WH35-FQ8W GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

Summary: Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Details: The following methods pass XPath expressions to the commons-jxpath library which can execute arbitrary code and would be a security iss...

CVSS 9.8, AI score 9.8, EPSS 0.99813
Exploits: 26, References: 18

RedhatCVE
added 2025/02/05 4:49 a.m., 15 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, AI score 7.5, EPSS 0.74908
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 4:48 a.m., 13 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8, AI score 8.3, EPSS 0.99813
Exploits: 25, References: 1

Fedora
added 2025/01/01 4:39 a.m., 8 views

[SECURITY] Fedora 40 Update: libxml2-2.12.9-1.fc40

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 9.1, AI score 7.1, EPSS 0.01192
Exploits: 0

Positive Technologies
added 2025/01/01 12:0 a.m., 5 views

PT-2025-25520

Name of the Vulnerable Software and Affected Versions libxml2 versions affected versions not specified Description A use-after-free issue was found in libxml2, occurring when parsing XPath elements under certain circumstances, specifically when the XML schematron contains the "sch:name path" sche...

CVSS 9.4, AI score 7.2, EPSS 0.00669
Exploits: 0, References: 159

Positive Technologies
added 2025/01/01 12:0 a.m., 3 views

PT-2025-25521

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description A NULL pointer dereference issue was discovered in libxml2 when processing XPath XML expressions. This allows an attacker to create malicious XML input, resulting in a denial of service...

CVSS 7.8, AI score 7, EPSS 0.00475
Exploits: 0, References: 87

Fedora
added 2024/12/27 1:24 a.m., 21 views

[SECURITY] Fedora 41 Update: libxml2-2.12.9-1.fc41

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 9.1, AI score 6.7, EPSS 0.01192
Exploits: 0

Positive Technologies
added 2024/12/17 12:0 a.m., 2 views

PT-2025-11227

Name of the Vulnerable Software and Affected Versions: libxslt versions prior to 1.1.43 Description: The issue is related to a use-after-free error in the numbers.c file of libxslt. This occurs during nested XPath evaluations, where an XPath context node can be modified but never restored. The...

CVSS 7.8, AI score 7.1, EPSS 0.00324
Exploits: 1, References: 118

Github Security Blog
added 2024/09/10 7:42 p.m., 53 views

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

CVSS 10, AI score 7, EPSS 0.10684
Exploits: 3, References: 10, Affected Software: 1

OSV
added 2024/09/10 7:42 p.m., 27 views

GHSA-JW9C-MFG7-9RX2 SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

CVSS 10, AI score 9.3, EPSS 0.10684
Exploits: 3, References: 10

Vulnrichment
added 2024/09/10 6:50 p.m., 60 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...

CVSS 10, AI score 7.2, EPSS 0.10684
Exploits: 3, References: 4

Cvelist
added 2024/09/10 6:50 p.m., 69 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...

CVSS 10, EPSS 0.10684
Exploits: 3, References: 4

Packet Storm
added 2024/09/01 12:0 a.m., 152 views

HTTP Blind XPATH 1.0 Injector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Blind XPATH 1.0 Injector', 'Description' = %q This module exploits blind XPATH 1.0 injections over HTTP GET requests. , 'Author' = 'et at...

AI score 7.4
Exploits: 0

RubySec
added 2024/08/28 12:0 a.m., 19 views

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

CVSS 10, AI score 7.2, EPSS 0.10684
Exploits: 3, References: 1, Affected Software: 1