libxml2

The PHP ecosystem suffered a practical and easily-triggered availability bug when researchers disclosed CVE-2025-6491: a NULL pointer dereference in the PHP SOAP extension caused by an oversized XML namespace prefix. The defect is not a subtle compiler edge case — it is reliably reproducible...

libxml2 contained a subtle but real use‑after‑free in its tree manipulation code that was assigned CVE‑2023‑45322 — a bug that only triggers after a specific memory allocation fails, but which nevertheless exposes real availability and stability risks for any software that embeds the library...

Microsoft’s short public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a scoped, product‑level inventory statement, not a categorical guarantee that no other Microsoft product or image could contain the same...

Hitachi Energy’s widely deployed RTU500 series has been the subject of a renewed and broad advisory outlining multiple, exploitable parsing and memory-corruption flaws that can trigger Denial‑of‑Service (DoS) conditions and — in at least one case — permit bypass of secure firmware update checks...