CVE-2026-25174

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally...

CVE-2026-25174

CVE-2026-25174 is a Windows Privilege Elevation vulnerability described as an out-of-bounds read in the Windows Extensible File Allocation feature. The connected NCSC advisory confirms Microsoft has fixed vulnerabilities across Windows components, listing CVE-2026-25174 under Windows Extensible F...

CVE-2026-25174 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability

...

PT-2026-24301

Уязвимость проприетарной файловой системы Windows Extensible File Allocation Table операционных систем Windows связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии...

PT-2026-24490

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when...

CVE-2026-28770

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

CLSA-2026-1772646053 python3: Fix of CVE-2025-12084

CVE-2025-12084: Prevent quadratic-time behavior when building excessively nested XML elements...

IBM InfoSphere Information Server 代码问题漏洞

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server ranging from 11.7.0.0 to 11.7.1.6...

xxe-blind

XXE Out-of-Band File Exfiltration Tool Herramienta en bash pa...

Xerox FreeFlow Core 安全漏洞

Xerox FreeFlow Core is a flexible and easy-to-use software developed by Xerox Corporation. Versions of Xerox FreeFlow Core 8.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from XML external entity vulnerabilities, which could allow malicious users to execute...

CVE-2026-20051

A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service

A flaw was found in the Linux kernel's Virtual Extensible LAN VXLAN implementation. An attacker with elevated privileges CAPNETADMIN can exploit this vulnerability by configuring the system to accept and forward VXLAN packets. The issue arises from an incorrect nexthop hash size, where a 32-bit...

CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

CVE-2025-65519

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

CVE-2025-55853

SoftVision webPDF (before 10.0.2) is affected by a Server-Side Request Forgery (SSRF) in its PDF converter: uploaded XML/HTML can trigger rendering that accesses internal or external resources (http://, file://), enabling internal port scanning and Local File Inclusion (LFI). Multiple sources (NV...

ezBookkeeping 安全漏洞

ezBookkeeping is a lightweight personal accounting application developed by mayswind developers. Versions of ezBookkeeping 1.2.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of nested depths during the processing of JSON and XML file...

Missing XML Validation

Apache Struts is vulnerable to Missing XML Validation. The vulnerability is due to improper validation of XML input data, which allows an attacker to exploit the application by submitting crafted XML content that bypasses security controls...