CVE-2026-11150

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-1285

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatecharshtml and truncatewordshtml...

SEW-EURODRIVE MOVITOOLS MotionStudio Code Issue Vulnerability

SEW-EURODRIVE MOVITOOLS MotionStudio is an engineering software from SEW-EURODRIVE. A security vulnerability exists in SEW-EURODRIVE MOVITOOLS MotionStudio version 6.5.0.2, which originates from the possibility of unrestricted file access when processing XML messages...

The vulnerability of the microprogrammed software of IP cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 arises from buffer overflows in the stack. This allows intruders to execute arbitrary code.

The vulnerability of the microprogrammed software for IP cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 arises due to buffer overflows in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code upon...

The vulnerability of the start_unichar function in the ReportLab library allows a hacker to execute arbitrary code.

The vulnerability of the startunichar function in the ReportLab library is related to an error in XML document processing. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the SetHostIPv6Settings() function in the IPv6Mode mode of the D-Link DAP-1325 wireless signal booster software allows a hacker to execute arbitrary code.

The vulnerability of the SetHostIPv6Settings function in the IPv6Mode mode of the D-Link DAP-1325 wireless signal booster software is related to the escape of the operation outside the buffer in memory during the processing of XML data. Exploiting this vulnerability could allow a remote attacker ...

The vulnerability of the PlainTextUncompressor::UncompressItem function in the XML data compression tool Xmill allows a attacker to execute arbitrary code.

The vulnerability of the PlainTextUncompressor::UncompressItem function in the XML data compression tool Xmill is related to a memory boundary error during XML file processing. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...