Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-12805

OFFIS DCMTK ofxml.cc parseFile heap-based overflow_CVE-2026-12805

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Exe...

OFFIS DCMTK 3.0 CVE
MEDIUM 4.9 CVE-2026-56412

CVE-2026-56412_CVE-2026-56412

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from with...

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56411

CVE-2026-56411_CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56410

CVE-2026-56410_CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

libexpat project libexpat CVE
MEDIUM 6.5 CVE-2026-56409

CVE-2026-56409_CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56408

CVE-2026-56408_CVE-2026-56408

libexpat before 2.8.2 has an integer overflow in copyString.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56407

CVE-2026-56407_CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56406

CVE-2026-56406_CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56405

CVE-2026-56405_CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId.

libexpat project libexpat CVE
MEDIUM 6.9 CVE-2026-56404

CVE-2026-56404_CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding.

libexpat project libexpat CVE