7 matches found
CVE-2026-45071
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent set DOMDocument::$validateOnParse = true before loadXML, re-enabling external entity resolution and allowing attacker-supplied XML ...
MAL-2026-854 Malicious code in sinon-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9ac1d9ff3647908703db921b2e950e479861f18e7b1bad8377baaa7400d32c The package sinon-node was found to contain malicious code. Source: ghsa-malware 5aa93130bd1915120b30dc2472c774ac984ea2c2166d7865d30fdf8343225f50 Any...
Linux Distros Unpatched Vulnerability : CVE-2023-6194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external...
PT-2024-19376 · Ministry Of Agriculture · Electronic Delivery Check System
Name of the Vulnerable Software and Affected Versions: Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version versions 14.0.001.002 and earlier Description: The issue is related to the improper restriction of XML...
CVE-2023-40310
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
pki-core: access to external entities when parsing XML can lead to XXE
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...
Malicious code in epic-ue-themes-la (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4dd6b1635c8fd79c366882517043249a5f5f29688531b8a26db7a8cf43a43671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...