xmlsoft

Top products

The 15 most recently published vulnerabilities affecting xmlsoft.

• CVE-2026-6732Libxml2: libxml2: denial of service via crafted xsd-validated document6.5Apr 23, 2026
• CVE-2025-9714Stack overflow in libxml26.2Sep 10, 2025
• CVE-2025-7424Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes7.5Jul 10, 2025
• CVE-2025-6170Libxml2: stack buffer overflow in xmllint interactive shell command handling2.5Jun 16, 2025
• CVE-2025-6021Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml27.5Jun 12, 2025
• CVE-2025-32415In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against a...2.9Apr 17, 2025
• CVE-2025-32414In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead a...5.6Apr 8, 2025
• CVE-2025-24855numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, ...7.8Mar 14, 2025
• CVE-2024-55549xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.7.8Mar 14, 2025
• CVE-2025-27113libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.2.9Feb 18, 2025
• CVE-2025-24928libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untruste...7.8Feb 18, 2025
• CVE-2024-56171libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be ...7.8Feb 18, 2025
• CVE-2022-49043xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.8.1Jan 26, 2025
• CVE-2024-40896In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by set...9.1Dec 23, 2024
• CVE-2024-34459An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContex...7.5May 13, 2024