CVE-2026-4645

Rejected reason: Duplicate of CVE-2026-32287...

UBUNTU-CVE-2026-4645

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

CVE-2026-4645

An issue in the github.com/antchfx/xpath component allows a remote attacker to submit crafted Boolean XPath expressions that evaluate to true, triggering an infinite loop in the logicalQuery.Select function and causing 100% CPU utilization and a Denial of Service (DoS) on affected systems. CVSS v...

CVE-2026-4645

Duplicate of CVE-2026-32287...

CVE-2026-4645

...

CVE-2026-4645

Removed by vendor...

CVE-2026-4645

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...

PT-2026-28438

Name of the Vulnerable Software and Affected Versions versions prior to 2026-32287 Description Boolean XPath expressions that evaluate to true can cause an infinite loop within the logicalQuery.Select function, resulting in 100% CPU utilization. This condition can be initiated by top-level...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

changedetection.io 代码注入漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.4 contained a code injection vulnerability. This vulnerability stemmed from unvalidated or uncleaned XPath expressions,...

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()

Summary - The changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification. - XPath 3.0 includes the unparsed-text function...

Arbitrary Code Injection

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Arbitrary Code Injection via the unparsed-text function in XPath expressions processed by the application. An attacker can access and read arbitrary files from the...

PT-2026-23090

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.4 Description The changedetection.io application allows users to specify XPath expressions as content filters via the include filters field. These XPath expressions are processed using the elementpath...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.0.1)

The version of AHV installed on the remote host is prior to AHV-11.0.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.0.1 advisory. - Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to...

CVE-2026-24343

Improper Neutralization of Data within XPath Expressions 'XPath Injection' vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...