Linux Distros Unpatched Vulnerability : CVE-2026-41650
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the --...
CVE-2026-27693
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
Traccar Security Vulnerability
Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. There were...
PT-2026-37033
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
fontvarlib.py — CVE-2025-66034 fontTools varLib — Arbi...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
No d...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
No d...
CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101
Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...
Heatmiser Netmonitor Cross-Site Scripting Vulnerability
Heatmiser Netmonitor is a temperature control system controller developed by Heatmiser Corporation. Version 3.03 of Heatmiser Netmonitor contains a cross-site scripting vulnerability. This vulnerability stems from an HTML injection in the outputtitle parameter of the outputSetup.htm page, which m...
jsPDF Injection Vulnerability
jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 had an injection vulnerability. This vulnerability stemmed from the first parameter of the addMetadata function, allowing users to inject arbitrary XML, which could potentially...
XML Injection
Overview: fonttools is a set of tools to manipulate font files. Affected versions of this package are vulnerable to XML Injection via the main function in the fontTools/varLib/__init__.py file. An attacker can write files to the filesystem by supplying a specially crafted .designspace file. Remediation: Upgrad...
OpenClinica Community Edition Security Vulnerability
OpenClinica Community Edition is a clinical data management system from OpenClinica, Inc. in the United States. A security vulnerability exists in OpenClinica Community Edition versions 3.12.2 and 3.13, which stems from an incorrect manipulation of the parameter xmlfile in the file/ImportCRFData,...
CVE-2025-7473
Zohocorp ManageEngine EndPoint Central (versions 11.4.2516.1 and earlier) is documented as vulnerable to XML Injection. The issue is a parsing/XML data handling flaw leading to injection. Connected advisories indicate these XML injection vulnerabilities were addressed with vendor updates across ...
CVE-2025-54251
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access...
PT-2025-35498
Name of the Vulnerable Software and Affected Versions: xmltodict version 0.14.2. Description: An XML Injection vulnerability exists in xmltodict, allowing for Input Data Manipulation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
Linux Distros Unpatched Vulnerability : CVE-2019-1010017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is:...
CVE-2023-33257
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat...
XML Injection
Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to XML Injection through the XML processing mechanism. An attacker can bypass security features by sending a specially crafted XML script. Remediation...
PT-2022-18317 · Intel · Quartus Prime Standard +1
Name of the Vulnerable Software and Affected Versions: Intel® Quartus Prime Pro and Standard edition software; affected versions not specified. Description: The issue concerns XML injection in the Quartus® Prime Programmer, which may allow an unauthenticated user to potentially enable information...
PT-2021-6352 · Adobe · Magento Commerce
Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier; Magento Commerce version 2.3.7 and earlier. Description: The issue is related to an XML Injection vulnerability in the Widgets Update Layout of Magento Commerce. This...