Lucene search

2075 matches found

Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32782 · Unknown +1 · Ppp Eap-Tls +1

Name of the Vulnerable Software and Affected Versions: Remote Access Point-to-Point Protocol (PPP) EAP-TLS (affected versions not specified). Description: A use after free issue exists in Remote Access Point-to-Point Protocol (PPP) EAP-TLS. This allows a locally authorized attacker to elevate privileges...

CVSS 7.3 · AI score 7 · EPSS 0.00527
Exploits: 0 · References: 6

Tenable Nessus
added 2025/08/12 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-47134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found. setup_arch() would invoke efi_init()->efi_get_fdt_params(). I...

CVSS 5.5 · AI score 5.6 · EPSS 0.00232
Exploits: 0 · References: 2

RedHat Linux
added 2025/08/11 5:30 p.m. · 3 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

CVSS 8.1 · AI score 7.3 · EPSS 0.00305
Exploits: 0 · References: 6

OSV
added 2025/08/11 1:53 p.m. · 5 views

BIT-LIBPHP-2021-21702 Null Dereference in SoapClient

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash...

CVSS 7.5 · AI score 7.1 · EPSS 0.03093
Exploits: 0 · References: 8

OSV
added 2025/08/11 1:52 p.m. · 4 views

BIT-LIBPYTHON-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

CVSS 9.8 · AI score 7.1 · EPSS 0.04268
Exploits: 3 · References: 8

Tenable Nessus
added 2025/08/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-46951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size. When tpm_read_log_efi is called...

CVSS 5.5 · AI score 6.2 · EPSS 0.00235
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/08 12:0 a.m. · 4 views

PT-2025-32364 · Xerox · Xerox Freeflow Core

Name of the Vulnerable Software and Affected Versions: Xerox FreeFlow Core version 8.0.4. Description: Improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, resulting in a Server-Side Request Forgery (SSRF)...

CVSS 7.5 · AI score 6.5 · EPSS 0.06929
Exploits: 0 · References: 32

Tenable Nessus
added 2025/08/08 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-46868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire(). If the qcuefi pointer is not set,...

CVSS 5.5 · AI score 5.6 · EPSS 0.00139
Exploits: 0 · References: 2

RedHat Linux
added 2025/08/07 1:37 p.m. · 3 views

libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denia...

CVSS 7.5 · AI score 6.6 · EPSS 0.00527
Exploits: 1 · References: 5

RedHat Linux
added 2025/08/07 3:28 a.m. · 0 views

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7 · AI score 7.3 · EPSS 0.01429
Exploits: 0 · References: 7

OSV
added 2025/08/07 1:15 a.m. · 0 views

UBUNTU-CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

CVSS 7 · AI score 7.4 · EPSS 0.0014
Exploits: 0 · References: 4

Tenable Nessus
added 2025/08/07 12:0 a.m. · 2 views

RHEL 10 : libxml2 (RHSA-2025:13429)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13429 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-Bounds...

CVSS 7.5 · AI score 6.6 · EPSS 0.00527
Exploits: 2 · References: 7

Tenable Nessus
added 2025/08/07 12:0 a.m. · 2 views

RHEL 9 : libxml2 (RHSA-2025:13428)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13428 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-Bounds...

CVSS 7.5 · AI score 6.6 · EPSS 0.00527
Exploits: 2 · References: 7

OpenVAS
added 2025/08/06 12:0 a.m. · 3 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1722)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 · AI score 7.6 · EPSS 0.00496
Exploits: 0 · References: 2

Snyk
added 2025/08/01 6:30 a.m. · 4 views

XML External Entity (XXE) Injection

Overview: langchain-text-splitters is a LangChain text splitting utilities package. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to insecure XML parser configurations and the presence of the `xslt_path` parameter in the `HTMLSectionSplitter` class. Details: XXE...

CVSS 8.8 · AI score 7.6 · EPSS 0.00612
Exploits: 0 · References: 3

CNVD
added 2025/08/01 12:0 a.m. · 2 views

Dell SmartFabric OS10 Software Code Issue Vulnerability

Dell SmartFabric OS10 Software is network operating system software developed by Dell to simplify the management and automation of data center network architectures. A security vulnerability exists in Dell SmartFabric OS10 Software versions prior to 10.6.0.5 that stems from improper handling of X...

CVSS 6.5 · AI score 6.9 · EPSS 0.00456
Exploits: 0 · References: 1

BDU FSTEC
added 2025/07/31 12:0 a.m. · 4 views

The vulnerability of the SmartFabric OS10 network operating system, related to incorrect restrictions on XML links to external objects, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SmartFabric OS10 network operating system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 6.8 · AI score 5.5 · EPSS 0.00456
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2025/07/30 7:16 a.m. · 2 views

libxml: Type confusion leads to Denial of service (DoS)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

CVSS 9.1 · AI score 7.1 · EPSS 0.01437
Exploits: 0 · References: 5

RedHat Linux
added 2025/07/29 3:37 p.m. · 5 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

CVSS 8.1 · AI score 7.3 · EPSS 0.00305
Exploits: 0 · References: 6

RedHat Linux
added 2025/07/28 1:21 a.m. · 5 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

CVSS 8.1 · AI score 7.3 · EPSS 0.00305
Exploits: 0 · References: 6