Lucene search
K

1651 matches found

CVE
CVE
added 6 days ago33 views

CVE-2026-55471

CVE-2026-55471 concerns HAPI FHIR’s XsltUtilities.sax(on)Transform overloads, which historically instantiate a bare net.sf.saxon.TransformerFactoryImpl() without external-access restrictions. This enables XML External Entity (XXE) processing, allowing local file disclosure and blind XXE/SSRF when...

8.7CVSS6AI score0.00309EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/17 12:0 a.m.11 views

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESSEXTERNALDTD="" and ACCESSEXTERNALSTYLESHEET="". Th...

8.7CVSS5.3AI score0.00309EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 1:15 p.m.8 views

JLSEC-2026-582 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion...

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

7.8CVSS7.2AI score0.00324EPSS
Exploits3References4
OSV
OSV
added 2026/06/08 1:15 p.m.12 views

JLSEC-2026-583 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an...

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.2AI score0.00324EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:15 p.m.12 views

JLSEC-2026-580

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...

7.5CVSS8AI score0.04446EPSS
Exploits0References30
OSV
OSV
added 2026/06/08 1:15 p.m.11 views

JLSEC-2026-577

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...

9.8CVSS7.2AI score0.05089EPSS
Exploits0References32
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.10.0 : libxslt (EulerOS-SA-2026-2056)

According to the versions of the libxslt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers an...

5.5CVSS5.5AI score0.00161EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

It was possible to create specific XSLT markup that could bypass the iframe sandbox. This vulnerability affects Firefox ESR versions prior to 91.5, Firefox versions prior to 96, and Thunderbird versions prior to 91.5...

10CVSS7.3AI score0.0134EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Thunderbird, Firefox

An attacker could exploit a “use-after-free” issue through crafted XSLT data, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS6.9AI score0.01196EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An iframe from a cross-origin origin that references an XSLT document would inherit the permissions of the parent domain such as access to microphones or cameras. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

8.8CVSS7.7AI score0.00684EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium, LibXSLT

Before version 91.0.4472.164, using Blink XSLT in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS6.8AI score0.21623EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

10CVSS8.2AI score0.0383EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in openjdk-11, bcel

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS7.6AI score0.17673EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-38773

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References26
RedHat Linux
RedHat Linux
added 2026/05/07 5:6 p.m.9 views

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

6.2CVSS6.1AI score0.00144EPSS
Exploits0References6
OSV
OSV
added 2026/05/06 6:27 p.m.4 views

GHSA-V2FC-QM4H-8HQV Nokogiri XSLT transform has a memory leak

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.3CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/06 2:45 p.m.8 views

BIT-JAVA-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.1AI score0.00324EPSS
Exploits1References3
OSV
OSV
added 2026/05/06 2:43 p.m.7 views

BIT-JAVA-MIN-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS7AI score0.17673EPSS
Exploits2References25
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.17 views

PT-2026-38489

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.3CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37752

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References26
Rows per page
Query Builder