100 matches found

IBM Security Bulletins
added 2026/05/28 9:4 p.m. | 10 views

Security Bulletin: Vulnerabilities in libxml2 (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992) affect AIX

Summary: Vulnerabilities in libxml2 could cause a denial of service (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details: CVEID: CVE-2026-6732. DESCRIPTION: A flaw was found in libxml2. This vulnerability occurs when the library...

CVSS 7.5 | AI score 5.8 | EPSS 0.00088
Exploits: 1 | Affected Software: 2

OSV
added 2026/04/23 11:16 p.m. | 2 views

DEBIAN-CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

CVSS 7.5 | AI score 5.4 | EPSS 0.00038
Exploits: 1 | References: 1

CVE
added 2026/04/23 10:19 p.m. | 29 views

CVE-2026-6732

CVE-2026-6732 affects libxml2 and is triggered when parsing an XSD-validated document that contains an internal entity reference, causing a type confusion error and a DoS via crashes. The vulnerability is tied to how libxml2 processes crafted XML Schema Definition inputs, with the impact describe...

CVSS 7.5 | AI score 5.7 | EPSS 0.00038
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-0555

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.02526
Exploits: 0 | References: 26

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-17588

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-32154

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00388
Exploits: 1 | References: 6

VulnCheck KEV
added 2025/07/22 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

CVSS 9.9 | AI score 5.8 | EPSS 0.13939
In wild | Exploits: 1 | References: 64

NCSC
added 2025/06/18 10:17 a.m. | 1 views

Vulnerability fixed in GeoServer

GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4.2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...

CVSS 9.9 | AI score 7.4 | EPSS 0.13939
Exploits: 1 | References: 3

NVD
added 2025/06/10 4:15 p.m. | 14 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

CVSS 9.9 | EPSS 0.13939
Exploits: 1 | References: 7

Cvelist
added 2025/06/10 3:16 p.m. | 23 views

CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

CVSS 9.9 | EPSS 0.13939
Exploits: 1 | References: 7

CVE
added 2025/06/10 3:16 p.m. | 169 views

CVE-2025-30220

Geoserver-related CVE-2025-30220 is an XXE processing vulnerability in the GeoTools gt-xsd-core handling used by GeoServer WFS. The issue arises when building in‑memory XSD schemas without applying a proper EntityResolver, enabling unauthenticated attackers to exfiltrate local files and trigger S...

CVSS 9.9 | AI score 9.3 | EPSS 0.13939
In wild | Exploits: 1 | References: 7 | Affected Software: 3

OSV
added 2025/06/09 11:14 p.m. | 3 views

GHSA-826P-4GCG-35VW GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

Summary: GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. Impact: This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. Th...

CVSS 9.9 | AI score 7 | EPSS 0.13939
Exploits: 1 | References: 4

Github Security Blog
added 2025/06/09 11:14 p.m. | 12 views

GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

Summary: GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. Impact: This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. Th...

AI score 7
Exploits: 0 | References: 4 | Affected Software: 2

Tenable Nessus
added 2025/02/24 12:0 a.m. | 7 views

Siemens SCALANCE W700 NULL Pointer Dereference (CVE-2023-28484)

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 6.5 | AI score 6.7 | EPSS 0.00388
Exploits: 1 | References: 11

OSV
added 2024/10/30 12:0 a.m. | 2 views

OPENSUSE-SU-2024:14443-1 xsd-4.1.0-3.1 on GA media

These are all security issues fixed in the xsd-4.1.0-3.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.9 | AI score 6.5 | EPSS 0.00127
Exploits: 0 | References: 2

Fedora
added 2024/03/07 10:33 p.m. | 20 views

[SECURITY] Fedora 40 Update: modello-2.1.2-6.fc40

Modello is a Data Model toolkit in use by the Apache Maven Project. Modello is a framework for code generation from a simple model. Modello generates code from a simple model format based on a plugin architecture, various types of code and descriptors can be generated from the single model,...

CVSS 8.8 | AI score 7.1 | EPSS 0.46427
Exploits: 3

Tenable Nessus
added 2024/02/29 12:0 a.m. | 24 views

CentOS 9 : libxml2-2.9.13-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libxml2-2.9.13-4.el9 build changelog. - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. Thi...

CVSS 6.5 | AI score 7.3 | EPSS 0.00388
Exploits: 1 | References: 3

OSV
added 2024/01/18 6:21 p.m. | 0 views

USN-6590-1 xerces-c vulnerabilities

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

CVSS 8.8 | AI score 6.9 | EPSS 0.04171
Exploits: 0 | References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m. | 30 views

EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2023-2731)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...

CVSS 6.5 | AI score 7.2 | EPSS 0.00388
Exploits: 1 | References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m. | 15 views

EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2023-2762)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...

CVSS 6.5 | AI score 7.2 | EPSS 0.00388
Exploits: 1 | References: 3