Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.9 CVE-2026-56412

CVE-2026-56412_CVE-2026-56412

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from with...

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56411

CVE-2026-56411_CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56410

CVE-2026-56410_CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

libexpat project libexpat CVE
MEDIUM 6.5 CVE-2026-56409

CVE-2026-56409_CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56408

CVE-2026-56408_CVE-2026-56408

libexpat before 2.8.2 has an integer overflow in copyString.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56407

CVE-2026-56407_CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56406

CVE-2026-56406_CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56405

CVE-2026-56405_CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56404

CVE-2026-56404_CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56403

CVE-2026-56403_CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts.

libexpat project libexpat CVE