fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions (DTD), specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
UBUNTU-CVE-2026-26278
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000280)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000280 advisory. In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka...
CVE-2025-1030 Sensitive Data Exposure in Utarit Informatics' SoliClub
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...
CVE-2025-1029
CVE-2025-1029 concerns Utarit Information Services Inc. SoliClub, where hard-coded credentials permit reading sensitive constants from the executable. Multiple sources (NVD, Red Hat, CVE/CVEList, CNNVD, EUVD, etc.) consistently describe impact for SoliClub versions 5.2.4 through 5.3.7. The vulner...
PT-2025-52231
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...
EUVD-2018-9056
Malware in sbrugna...
EUVD-2011-1657
Malicious code in bioql PyPI...
WordPress plugin AutomatorWP code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress Advanced File Manager plugin <= 5.3.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by tiborisaak in WordPress Plugin Advanced File Manager versions <= 5.3.6...
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin WooCommerce Multilingual & Multicurrency versions <= 5.3.6...
PT-2024-31793 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11; Vite versions prior to 4.5.5; Vite versions prior to 5.2.14; Vite versions prior to 5.3.6; Vite versions prior to 5.4.6. Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control (CVE-2019-17573, CVE-2019-12406)
Summary: IBM WebSphere Application Server Liberty is vulnerable to Apache CXF cross-site scripting and denial of service. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by imprope...
Security Bulletin: OpenSSL vulnerabilities affect IBM Spectrum Control (CVE-2020-1967, CVE-2019-1551)
Summary: OpenSSL could allow a remote attacker to obtain sensitive information and is vulnerable to a denial of service. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2020-1967 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer...
Security Bulletin: Netty vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-16869)
Summary: Netty HTTP request smuggling vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Vulnerability Details: CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding :...
Security update for lua53 (moderate)
openSUSE Security Update: Security update for lua53 Announcement ID: openSUSE-SU-2021:2196-1 Rating: moderate References: 1175448 1175449 Cross-References: CVE-2020-24370 CVE-2020-24371 CVSS scores: CVE-2020-24370 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-24370 SUSE: 4...
Security update for lua53 (moderate)
openSUSE Security Update: Security update for lua53 Announcement ID: openSUSE-SU-2021:0962-1 Rating: moderate References: 1175448 1175449 Cross-References: CVE-2020-24370 CVE-2020-24371 CVSS scores: CVE-2020-24370 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-24370 SUSE: 4...
CVE-2020-4381
CVE-2020-4381 affects IBM Spectrum Scale for IBM Elastic Storage Server (ESS) versions 5.3.0–5.3.5. An authenticated user can cause a denial of service during deployment or upgrade if GUI-specific services are enabled. The IBM bulletin notes a fix is available: upgrade ESS to version 5.3.6 via Fi...
WordPress wpDiscuz plugin <= 5.3.5 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found in WordPress wpDiscuz plugin versions <= 5.3.5. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 5.3.6)...
Apple Security Update: watchOS 5.3.6
Apple recommends installing security update watchOS 5.3.6 on Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 devices when paired to an iPhone with iOS 12 installed...