Lucene search

2074 matches found

Cvelist
added 2026/01/16 12:0 a.m. | 18 views

CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

CVSS 8.1 | EPSS 0.00879
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : xmlsec1-1.2.20-7.el7 (AXSA:2017-1915:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1915:01 advisory. XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards XML Digital...

CVSS 7.1 | AI score 6.9 | EPSS 0.01341
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004028 advisory. An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by...

CVSS 6.9 | AI score 6.8 | EPSS 0.00514
Exploits: 0 | References: 16

Debian CVE
added 2026/01/16 12:0 a.m. | 5 views

CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

CVSS 8.1 | AI score 5.7 | EPSS 0.00879
Exploits: 0

Vulnrichment
added 2026/01/15 11:36 p.m. | 3 views

CVE-2025-14232

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...

CVSS 9.8 | AI score 7.4 | EPSS 0.0083
Exploits: 0 | References: 4

NVD
added 2026/01/15 9:16 p.m. | 8 views

CVE-2026-21910

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network...

CVSS 7.1 | EPSS 0.00249
Exploits: 0 | References: 2

Cvelist
added 2026/01/15 8:23 p.m. | 24 views

CVE-2026-21910 Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter-VNI traffic drop

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network...

CVSS 7.1 | EPSS 0.00249
Exploits: 0 | References: 2

NVD
added 2026/01/15 3:15 p.m. | 7 views

CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

CVSS 5.9 | EPSS 0.00725
Exploits: 0 | References: 4

NVD
added 2026/01/13 2:16 p.m. | 7 views

CVE-2026-0684

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | EPSS 0.00261
Exploits: 0 | References: 3

UbuntuCve
added 2026/01/13 2:16 p.m. | 2 views

CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

CVSS 5.3 | AI score 5.8 | EPSS 0.00313
Exploits: 0 | References: 4

OSV
added 2026/01/13 2:16 p.m. | 3 views

UBUNTU-CVE-2026-0888

Information disclosure in the XML component. This vulnerability affects Firefox 147 and Thunderbird 147...

CVSS 5.3 | AI score 5.8 | EPSS 0.00313
Exploits: 0 | References: 5

AstraLinux
added 2026/01/13 2:1 p.m. | 5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the metadata_dst leak in bpf_redirect_neigh for arguments bpf_redirect_neigh_v4,6. Cilium includes a BPF egress gateway feature that forces outgoing Kubernetes Pods’ traffic to pass through dedicated egress gateways. This...

AI score 5.6 | EPSS 0.00179
Exploits: 1 | References: 3

Cvelist
added 2026/01/13 1:30 p.m. | 19 views

CVE-2026-0888 Information disclosure in the XML component

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

EPSS 0.00313
Exploits: 0 | References: 3

Debian CVE
added 2026/01/13 1:30 p.m. | 4 views

CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

CVSS 5.3 | AI score 5.2 | EPSS 0.00313
Exploits: 0

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox prior to version 147, which stems from an information leak in an XML component...

CVSS 5.3 | AI score 6 | EPSS 0.00313
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/13 12:0 a.m. | 3 views

PT-2026-2636

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | AI score 6 | EPSS 0.00261
Exploits: 0 | References: 6

CVE
added 2026/01/11 1:5 p.m. | 407 views

CVE-2025-68493

CVE-2025-68493 describes a Missing XML Validation vulnerability in Apache Struts (affecting 2.0.0–2.2.1, 2.2.1–6.1.0; fixed in 6.1.1). A connected exploit resource provides a PoC targeting the XXE weakness in XWork, including a read-file payload (e.g., /etc/passwd) via the vulnerable XML parsing ...

CVSS 8.1 | AI score 6.6 | EPSS 0.22475
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/01/11 12:0 a.m. | 5 views

Apache Struts security vulnerability

Apache Struts is an open source project of the U.S. Apache Foundation. It is an open source MVC framework for creating enterprise-class Java Web applications, and mainly provides two versions of the framework, Struts 1 and Struts 2. Apache Struts version 2.0.0 to version 2.3.37 ...

CVSS 8.1 | AI score 7 | EPSS 0.22475
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/09 12:41 p.m. | 3 views

CVE-2023-25955

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...

CVSS 5.5 | AI score 4.8 | EPSS 0.00226
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:16 a.m. | 21 views

CVE-2025-40584

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 All versions, SIMOTION SCOUT TIA V5.5 All versions, SIMOTION SCOUT TIA V5.6 All versions V5.6 SP1 HF7, SIMOTION SCOUT TIA V5.7 All versions V5.7 SP1 HF1, SIMOTION SCOUT V5.4 All versions, SIMOTION SCOUT V5.5 All versions, SIMOTION SCO...

CVSS 6.8 | AI score 7 | EPSS 0.0016
Exploits: 0 | References: 1