Vulnerabilities fixed in Hanwha camera systems

Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.

Red Hat Developer Hub 1.7.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

iccDEV 安全漏洞

iccDEV is an open source color configuration code base from the International Color Consortium ICC. A security vulnerability exists in versions prior to iccDEV 2.3.1.2, which stems from a stack overflow in the XML Calculator macro extension...

iccDEV 安全漏洞

iccDEV is an open source color configuration codebase from the International Color Consortium ICC. A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from a null pointer dereference in the XML parser...

Cisco Identity Services Engine（Cisco ISE）和Cisco ISE Passive Identity Connector 代码问题漏洞

The Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of Cisco, Inc.The Cisco Identity Services Engine is an environment-aware platform ISE Cisco Identity Services Engine is an environment-aware platform ISE. The platform oversees the network by...

CVE-2025-36589

Dell Unisphere for PowerMax, versions 9.2.4.x, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended...

CVE-2026-21493

CVE-2026-21493 (iccDEV) affects the iccDEV library/tools used for ICC color management profiles. The vulnerability is a Type Confusion in the CIccSingleSampledeCurveXml class during XML Curve Serialization. Affected versions are 2.3.1.1 and earlier; the issue is fixed in version 2.3.1.2. The Red ...

PT-2026-1394

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.1 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a memory leak in the XML MPE Parsing Path iccFromXml. Recommendations Update to...

PT-2026-1460

Name of the Vulnerable Software and Affected Versions Dell Unisphere for PowerMax versions 9.2.4.x Description Dell Unisphere for PowerMax versions 9.2.4.x contain an Improper Restriction of XML External Entity Reference issue. A low privileged attacker with remote access could potentially exploi...

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

PT-2026-27717

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to the freeing of EFI boot services memory. The efi free boot services function incorrectly uses memblock free late to free memory reserved wit...

CVE-2022-50809

In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhciallocdbc If DbC is already in use, then the allocated memory for the xhcidbc struct doesn't get freed before returning NULL, which leads to a memleak...

CVE-2025-69210 FacturaScripts vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting XSS vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...

CVE-2025-15251 beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entit...

CVE-2022-50809

In CVE-2022-50809, the Linux kernel vuln is a memory-leak in xhci_alloc_dbc() when DbC is already in use, where the xhci_dbc memory may not be freed before returning NULL. Concretely, the issue is triggered during DbC allocation and leads to a memleak as described in the public entries; multiple ...

CVE-2025-8075

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

EUVD-2025-205418

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

PT-2025-53450

Name of the Vulnerable Software and Affected Versions Nozomi Networks affected versions not specified Description Inadequate validation of incoming XML format request messages can allow for cross-site scripting XSS attacks on a user's browser. The vulnerability affects Industrial Control Systems...