
31 matches found

Tenable Nessus
added 2026/06/06 12:0 a.m., 5 views

EulerOS Virtualization 2.10.0 : libxslt (EulerOS-SA-2026-2056)

According to the versions of the libxslt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers an...

CVSS 5.5 | AI score 5.5 | EPSS 0.00139
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/08 12:0 a.m., 7 views

PT-2026-38773

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVSS 7.5 | AI score 6 | EPSS 0.17342
Exploits: 2 | References: 26

IBM Security Bulletins
added 2026/03/30 9:1 a.m., 4 views

Security Bulletin: IBM Content Navigator is affected by Apache Xalan

Summary: IBM Content Navigator is affected by CVE-2022-34169, a remote code execution vulnerability (CWE-681) in the Apache Xalan Java XSLT library. An integer truncation flaw in the processing of XSLT stylesheets allows a remote attacker to supply a specially crafted stylesheet and execute arbitrar...

CVSS 7.5 | AI score 7.7 | EPSS 0.17342
Exploits: 2 | Affected Software: 1

Tenable Nessus
added 2026/03/17 12:0 a.m., 7 views

EulerOS Virtualization 2.12.0 : libxslt (EulerOS-SA-2026-1500)

According to the versions of the libxslt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers an...

CVSS 7.5 | AI score 6.1 | EPSS 0.012
Exploits: 0 | References: 3

Debian
added 2025/12/30 3:55 p.m., 5 views

[SECURITY] [DLA 4428-1] mediawiki security update

Debian LTS Advisory DLA-4428-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 30, 2025 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.35.13-1+deb11u6 CVE ID : CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480 CVE-2025-67481...

CVSS 9.8 | AI score 5.9 | EPSS 0.00395
Exploits: 0

Tenable Nessus
added 2025/11/18 12:0 a.m., 4 views

Mozilla Firefox ESR < 45.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-02 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are...

CVSS 9.8 | AI score 7.7 | EPSS 0.33434
Exploits: 16 | References: 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24093

Malware in sbrugna...

CVSS 9.9 | AI score 9.2 | EPSS 0.03054
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-1695

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.02619
Exploits: 2 | References: 14

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-1430

Malware in sbrugna...

CVSS 5.1 | AI score 6 | EPSS 0.08057
Exploits: 0 | References: 24

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-2841

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.01272
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-0939

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.02441
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-1708

Malware in sbrugna...

CVSS 7.1 | AI score 6.1 | EPSS 0.02053
Exploits: 2 | References: 14

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-16962

Malware in sbrugna...

CVSS 7.5 | AI score 8.4 | EPSS 0.03863
Exploits: 0 | References: 9

OSV
added 2025/09/12 2:24 p.m., 2 views

OESA-2025-2255 libxml2 security update

This library allows manipulating XML files. It includes support for reading, modifying and writing XML and HTML files. DTDs are supported, including parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 6.2 | AI score 6.3 | EPSS 0.00144
Exploits: 0 | References: 2

NVD
added 2025/07/22 9:15 p.m., 2 views

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVSS 8.1 | EPSS 0.00292
Exploits: 0 | References: 8

OSV
added 2025/03/14 2:15 a.m., 2 views

DEBIAN-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVSS 7.8 | AI score 7.6 | EPSS 0.00324
Exploits: 1 | References: 1

OSV
added 2025/02/11 12:55 a.m., 3 views

USN-7263-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2025-1011, CVE-2025-1013,...

CVSS 9.8 | AI score 7.2 | EPSS 0.01163
Exploits: 0 | References: 12

RedhatCVE
added 2025/02/06 4:44 a.m., 7 views

CVE-2021-37531

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...

CVSS 9.9 | AI score 6.8 | EPSS 0.03054
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/06 3:46 p.m., 16 views

CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms

The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities including validator, for the Fast Healthcare Interoperability Resources FHIR specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...

CVSS 8.6 | AI score 7 | EPSS 0.00975
Exploits: 0 | References: 4

Packet Storm
added 2024/08/31 12:0 a.m., 172 views

Cross Platform Webkit File Dropper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cross Platform Webkit File Dropper', 'Description' = %q This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the...

CVSS 8.8 | AI score 7.4 | EPSS 0.43195
Exploits: 11