expat (SUSE:Linux Enterprise Server for SAP Applications 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 15 SP6 package expat, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-32776 — CVSS 4.0 (medium): libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
CVE-2026-32778 — CVSS 2.9 (low): libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.