
2075 matches found

CNNVD
added 2025/10/29 12:0 a.m. | 4 views

Jenkins Extensible Choice Parameter Plugin security vulnerability

Jenkins Extensible Choice Parameter Plugin is an open source parameter building plugin for Jenkins. A security vulnerability exists in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and prior versions, which stems from vulnerability to a cross-site request forgery attack that could...

CVSS 5.4 | AI score 6.6 | EPSS 0.0021
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/29 12:0 a.m. | 3 views

PT-2025-44282

Name of the Vulnerable Software and Affected Versions: Jenkins Extensible Choice Parameter Plugin versions 239.v5f5c278708cf and earlier. Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Extensible Choice Parameter Plugin. This allows attackers to execute sandboxed Groovy...

CVSS 5.4 | AI score 6.7 | EPSS 0.0021
Exploits: 0 | References: 8
Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2025:3834-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3834-1 advisory. - CVE-2025-62291: fixed buffer overflow when handling EAP-MSCHAPv2 failure requests (bsc#1251941) Tenable has extracted th...

CVSS 8.1 | AI score 5.8 | EPSS 0.00879
Exploits: 0 | References: 4
OSV
added 2025/10/28 2:15 p.m. | 7 views

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.8 | AI score 5.8 | EPSS 0.00267
Exploits: 1 | References: 2
NVD
added 2025/10/28 2:15 p.m. | 4 views

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.8 | EPSS 0.00267
Exploits: 1 | References: 2
OSV
added 2025/10/28 10:30 a.m. | 2 views

SUSE-SU-2025:3834-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2025-62291: fixed buffer overflow when handling EAP-MSCHAPv2 failure requests (bsc#1251941)...

CVSS 8.1 | AI score 7.5 | EPSS 0.00879
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/28 12:28 a.m. | 7 views

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

CVSS 6.5 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 1
CNNVD
added 2025/10/28 12:0 a.m. | 3 views

GCC Productions Fade In buffer error vulnerability

GCC Productions Fade In is a professional script writing software from GCC Productions, Inc. A buffer error vulnerability exists in GCC Productions Fade In version 4.2.0, which stems from an out-of-bounds write to the XML parser function that can be triggered by an attacker via a specially crafte...

CVSS 7.8 | AI score 6.9 | EPSS 0.00267
Exploits: 1 | References: 2
Tenable Nessus
added 2025/10/28 12:0 a.m. | 1 view

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : strongSwan vulnerability (USN-7841-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7841-1 advisory. Xu Biang discovered that the strongSwan client incorrectly handled EAP-MSCHAPv2 failure requests. If a user or automated system were...

CVSS 8.1 | AI score 5.7 | EPSS 0.00879
Exploits: 0 | References: 2
OSV
added 2025/10/27 12:0 p.m. | 3 views

UBUNTU-CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

CVSS 8.1 | AI score 6.1 | EPSS 0.00879
Exploits: 0 | References: 4
EUVD
added 2025/10/27 12:0 a.m. | 3 views

EUVD-2025-36213

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

AI score 6 | EPSS 0.00295
Exploits: 0 | References: 3
Cvelist
added 2025/10/27 12:0 a.m. | 6 views

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

EPSS 0.00295
Exploits: 0 | References: 2
GithubExploit
added 2025/10/22 3:2 p.m. | 291 views

Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor

Ktor XML XXE Vulnerability Reproduction CVE-2023-45612 Re...

CVSS 9.8 | AI score 8.5 | EPSS 0.00595
Exploits: 6
EUVD
added 2025/10/21 10:58 a.m. | 5 views

EUVD-2025-35162

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

CVSS 5.2 | AI score 6.5 | EPSS 0.0031
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/21 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987643 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent...

CVSS 5.5 | AI score 6 | EPSS 0.00219
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/14 7:9 p.m. | 1 view

CVE-2025-33182

NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service...

CVSS 7.6 | AI score 6.4 | EPSS 0.00304
Exploits: 0 | References: 1
OSV
added 2025/10/10 3:21 p.m. | 2 views

SUSE-SU-2025:03537-1 Security update for expat

This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584)...

CVSS 7.5 | AI score 6.9 | EPSS 0.01238
Exploits: 1 | References: 3
RedHat Linux
added 2025/10/08 7:6 p.m. | 5 views

rexml: REXML: Denial of Service via inefficient regex parsing

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

CVSS 8.7 | AI score 7.3 | EPSS 0.01429
Exploits: 0 | References: 4
EUVD
added 2025/10/08 12:0 a.m. | 2 views

EUVD-2025-33165

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

CVSS 6.5 | AI score 7.4 | EPSS 0.00321
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-1123

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.0058
Exploits: 0 | References: 6