Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
|  | 1 | 61 | 0 | 37.3% | CRITICAL |

Related CVEs

61
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-56412 | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | MEDIUM | 5.9 |  | 1.3% | Jun 21, 2026 |
| CVE-2026-56411 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | MEDIUM | 6.9 |  | 1.5% | Jun 21, 2026 |
| CVE-2026-56410 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | MEDIUM | 6.9 |  | 1.5% | Jun 21, 2026 |
| CVE-2026-56409 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | MEDIUM | 6.5 |  | 1.0% | Jun 21, 2026 |
| CVE-2026-56408 | libexpat before 2.8.2 has an integer overflow in copyString. | MEDIUM | 6.9 |  | 1.2% | Jun 21, 2026 |
| CVE-2026-56407 | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | MEDIUM | 6.9 |  | 1.1% | Jun 21, 2026 |
| CVE-2026-56406 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | MEDIUM | 6.9 |  | 1.1% | Jun 21, 2026 |
| CVE-2026-56405 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | MEDIUM | 6.9 |  | 1.2% | Jun 21, 2026 |
| CVE-2026-56404 | libexpat before 2.8.2 has an integer overflow in addBinding. | MEDIUM | 6.9 |  | 1.2% | Jun 21, 2026 |
| CVE-2026-56403 | libexpat before 2.8.2 has an integer overflow in storeAtts. | MEDIUM | 6.9 |  | 1.2% | Jun 21, 2026 |
| CVE-2026-56132 | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | MEDIUM | 6.9 |  | 0.5% | Jun 19, 2026 |
| CVE-2026-56131 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). | MEDIUM | 4.9 |  | 1.2% | Jun 19, 2026 |
| CVE-2026-50219 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | MEDIUM | 5.9 |  | 12.2% | Jun 4, 2026 |
| CVE-2026-45186 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | HIGH | 7.5 |  | 22.8% | May 10, 2026 |
| CVE-2026-41080 | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | LOW | 2.9 |  | 29.8% | Apr 16, 2026 |
| CVE-2026-32778 | libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. | MEDIUM | 5.5 |  | 3.9% | Mar 16, 2026 |
| CVE-2026-32777 | libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | MEDIUM | 5.5 |  | 12.0% | Mar 16, 2026 |
| CVE-2026-32776 | libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | MEDIUM | 5.5 |  | 4.1% | Mar 16, 2026 |
| CVE-2026-25210 | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | HIGH | 7.8 |  | 9.1% | Jan 30, 2026 |
| CVE-2026-24515 | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | LOW | 2.5 |  | 6.7% | Jan 23, 2026 |