26 matches found

RedhatCVE
added 2026/01/26 3:10 p.m. · 2 views

CVE-2026-24409

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

8.8 CVSS · 5.8 AI score · 0.00208 EPSS
Exploits: 1 · References: 1

ATTACKERKB
added 2026/01/24 1:9 a.m. · 4 views

CVE-2026-24409

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

8.8 CVSS · 5.8 AI score · 0.00208 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2026/01/24 12:0 a.m. · 4 views

PT-2026-4558

Name of the Vulnerable Software and Affected Versions: iccDEV versions 2.3.1.1 and below. Description: iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below contain Undefined Behavior and a Null Pointer Dereferenc...

7.1 CVSS · 5.4 AI score · 0.00208 EPSS
Exploits: 1 · References: 9

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-2933

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.00154 EPSS
Exploits: 1 · References: 5

NVD
added 2024/06/16 2:15 a.m. · 5 views

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false...

8.8 CVSS · 0.00197 EPSS
Exploits: 0 · References: 2

CVE
added 2024/06/16 12:0 a.m. · 36 views

CVE-2024-38427

CVE-2024-38427 affects International Color Consortium DemoIccMAX prior to 85ce74e. A logic flaw in CIccTagXmlProfileSequenceId::ParseXml (IccXML/IccLibXML/IccTagXml.cpp) causes unconditionally returning false, with potential total impact per CVSS 3.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Remedia...

8.8 CVSS · 6.5 AI score · 0.00197 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/16 12:0 a.m. · 11 views

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false...

6.8 AI score · 0.00197 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/06/16 12:0 a.m. · 12 views

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false...

0.00197 EPSS
Exploits: 0 · References: 2

Veracode
added 2023/02/18 4:19 p.m. · 23 views

XML External Entity (XXE)

org.neo4j.procedure:apoc-core is vulnerable to XML External Entity (XXE) attacks. A remote authenticated attacker is able to trigger an XML external entity injection via the parseXML function which allows external entities to be resolved due to an improper configuration of the apoc.import.graphml...

8.1 CVSS · 7.9 AI score · 0.00198 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2022/05/06 2:40 p.m. · 18 views

Denial Of Service (DoS)

libxmljs is vulnerable to denial of service. The vulnerability exists in parseXml function because it doesn't ensure if the parseXML input is a string or buffer which allows an attacker to cause an application crash...

7.5 CVSS · 5.1 AI score · 0.00154 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2022/05/03 12:0 a.m. · 1 views

GHSA-773H-W45W-F2F9 Denial of service vulnerability exists in libxmljs

libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a...

7.5 CVSS · 7.1 AI score · 0.00154 EPSS
Exploits: 1 · References: 5

OSV
added 2022/05/01 4:15 p.m. · 19 views

CVE-2022-21144

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...

7.5 CVSS · 6.9 AI score
Exploits: 0 · References: 3

NVD
added 2022/05/01 4:15 p.m. · 11 views

CVE-2022-21144

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...

7.5 CVSS · 0.00154 EPSS
Exploits: 1 · References: 3

Prion
added 2022/05/01 4:15 p.m. · 19 views

Code injection

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...

5 CVSS · 7.5 AI score · 0.00154 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/05/01 3:25 p.m. · 15 views

CVE-2022-21144 Denial of Service (DoS)

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...

7.5 CVSS · 7.8 AI score · 0.00154 EPSS
Exploits: 1 · References: 3

ATTACKERKB
added 2022/05/01 3:20 p.m. · 2 views

CVE-2022-21144

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...

7.5 CVSS · 7.2 AI score · 0.00154 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2022/05/01 12:0 a.m. · 4 views

PT-2022-14877 · Npm · Libxmljs

Name of the Vulnerable Software and Affected Versions: libxmljs, all versions. Description: The issue arises when the libxmljs.parseXml function is invoked with a non-buffer argument. In such cases, the V8 code attempts to call the toString method of the argument. If the argument's toString value i...

7.5 CVSS · 7.4 AI score · 0.00154 EPSS
Exploits: 1 · References: 9

Snyk
added 2022/01/20 2:26 p.m. · 2 views

Denial of Service (DoS)

Overview: libxmljs provides libxml bindings for the v8 javascript engine. Affected versions of this package are vulnerable to Denial of Service (DoS). When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the...

7.5 CVSS · 6.9 AI score · 0.00154 EPSS
Exploits: 1 · References: 2

Github Security Blog
added 2021/11/01 7:19 p.m. · 26 views

XML External Entity vulnerability in Easy-XML

The parseXML function in Easy-XML 0.5.0 was discovered to have an XML External Entity (XXE) vulnerability which allows an attacker to expose sensitive data or perform a denial of service (DoS) via a crafted external entity entered into the XML content as input...

9.1 CVSS · 8.5 AI score · 0.00309 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Veracode
added 2021/11/01 4:55 a.m. · 14 views

XML External Entity (XXE) Injection

easy-xml is vulnerable to XML external entity injection. When processing XML data, the parseXML function in __init__.py allows an attacker to access sensitive data or crash the application...

9.1 CVSS · 6 AI score · 0.00309 EPSS
Exploits: 0 · References: 2 · Affected Software: 1