CVSS: 2.9EPSS: 0%CPEs: 6EXPL: 0CVE-2026-0992 – Libxml2: libxml2: denial of service via crafted xml catalogs
https://notcve.org/view.php?id=CVE-2026-0992
15 Jan 2026 — A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated
CVSS: 3.7EPSS: 0%CPEs: 7EXPL: 0CVE-2026-0989 – Libxml2: unbounded relaxng include recursion leading to stack overflow
https://notcve.org/view.php?id=CVE-2026-0989
15 Jan 2026 — A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk. It was discovered that libxml2 incorrectly handled maliciously crafted SGML catalog files. • https://access.redhat.com/security/cve/CVE-2026-0989 • CWE-674: Uncontrolled Recursion •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2026-0990 – Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
https://notcve.org/view.php?id=CVE-2026-0990
15 Jan 2026 — A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications. It was d... • https://access.redhat.com/security/cve/CVE-2026-0990 • CWE-674: Uncontrolled Recursion •
CVSS: 9.4EPSS: 0%CPEs: 51EXPL: 0CVE-2025-49794 – Libxml: heap use after free (uaf) leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49794
16 Jun 2025 — A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the
CVSS: 2.5EPSS: 0%CPEs: 24EXPL: 0CVE-2025-6170 – Libxml2: stack buffer overflow in xmllint interactive shell command handling
https://notcve.org/view.php?id=CVE-2025-6170
16 Jun 2025 — A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause ... • https://access.redhat.com/security/cve/CVE-2025-6170 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49795 – Libxml: null pointer dereference leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49795
16 Jun 2025 — A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. These are all security issues fixed in the libxml2-2-2.13.8-2.1 package on the GA media of openSUSE Tumbleweed. • https://access.redhat.com/security/cve/CVE-2025-49795 • CWE-825: Expired Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 50EXPL: 0CVE-2025-49796 – Libxml: type confusion leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49796
16 Jun 2025 — A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use... • https://access.redhat.com/security/cve/CVE-2025-49796 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 0CVE-2025-6021 – Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
https://notcve.org/view.php?id=CVE-2025-6021
12 Jun 2025 — A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. Ahmed L... • https://access.redhat.com/security/cve/CVE-2025-6021 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-10306 – Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests
https://notcve.org/view.php?id=CVE-2024-10306
23 Apr 2025 — A vulnerability was found in mod_proxy_cluster. The issue is that the
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 1CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •