4157 matches found

Cvelist
added 2026/04/01 1:6 a.m. | 28 views

CVE-2026-4374 Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...

CVSS: 8.8 | EPSS: 0.0004
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/01 1:6 a.m. | 1 views

CVE-2026-4374

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0004
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2026/04/01 12:19 a.m. | 3 views

XML Injection

Overview: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the XMLSerializer function. An attacker can manipulate the structure and integrity of generated XML documents b...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00019
Exploits: 0 | References: 2

OSV
added 2026/04/01 12:19 a.m. | 0 views

GHSA-WH4C-J3R5-MJHP xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

Summary @xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/01 12:19 a.m. | 5 views

xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

Summary @xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00019
Exploits: 0 | References: 6 | Affected Software: 2

Tenable Nessus
added 2026/04/01 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerabili...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/01 12:0 a.m. | 1 views

PT-2026-29442

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0004
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 0 views

PT-2026-29497

Name of the Vulnerable Software and Affected Versions xmldom versions 0.6.0 and prior, and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9 Description The xmldom library contains a flaw where attacker-controlled strings including the CDATA terminator can be inserted into a CDATASection node...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0 | References: 13

OSV
added 2026/03/31 9:7 a.m. | 2 views

SUSE-SU-2026:20956-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting bsc1257181. - CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader bsc1259240...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00052
Exploits: 0 | References: 5

OSV
added 2026/03/31 3:15 a.m. | 1 views

DEBIAN-CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00018
Exploits: 0 | References: 1

NVD
added 2026/03/31 3:15 a.m. | 1 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 7.5 | EPSS: 0.00018
Exploits: 0 | References: 3

UbuntuCve
added 2026/03/31 3:15 a.m. | 0 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 5

OSV
added 2026/03/31 1:48 a.m. | 3 views

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 5

Debian CVE
added 2026/03/31 1:48 a.m. | 3 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00018
Exploits: 0

ATTACKERKB
added 2026/03/31 1:48 a.m. | 1 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/31 1:48 a.m. | 24 views

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVSS: 5.9 | EPSS: 0.00018
Exploits: 0 | References: 3

Fedora
added 2026/03/31 1:9 a.m. | 3 views

[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.39-1.fc42

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00023
Exploits: 0

Fedora
added 2026/03/31 12:54 a.m. | 3 views

[SECURITY] Fedora 43 Update: perl-YAML-Syck-1.39-1.fc43

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00023
Exploits: 0

Fedora
added 2026/03/31 12:27 a.m. | 5 views

[SECURITY] Fedora 44 Update: perl-YAML-Syck-1.39-1.fc44

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00023
Exploits: 0

CNNVD
added 2026/03/31 12:0 a.m. | 2 views

Serialize JavaScript security vulnerability

"Serialize JavaScript" is a Yahoo open-source project that serializes JavaScript into JSON super sets containing regular expressions and functions. Versions of "Serialize JavaScript" prior to 7.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a specially craft...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 3