Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-56410

CVE-2026-56410_CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

libexpat project libexpat CVE
MEDIUM 6.5 CVE-2026-56409

CVE-2026-56409_CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56408

CVE-2026-56408_CVE-2026-56408

libexpat before 2.8.2 has an integer overflow in copyString.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56407

CVE-2026-56407_CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56406

CVE-2026-56406_CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56405

CVE-2026-56405_CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56404

CVE-2026-56404_CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56403

CVE-2026-56403_CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts.

libexpat project libexpat CVE
CRITICAL 9.4 CVE-2026-56397

SiYuan – Remote Code Execution via Malicious Bazaar Package Metadata and README_CVE-2026-56397

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject ...

SiYuan SiYuan CVE
HIGH 8.7 CVE-2026-56396

phpMyFAQ – Privilege Escalation via Missing Authorization in editUser() and updateUserRights()_CVE-2026-56396

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated admini...

phpMyFAQ phpMyFAQ CVE