73 matches found
CVE-2026-40042
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...
CVE-2026-33737
Chamilo LMS contains an XML External Entity (XXE) vulnerability in multiple files using simplexml_load_string() without XXE protection. With LIBXML_NOENT enabled, an attacker could read arbitrary server files. The issue affects versions prior to 1.11.38 and 2.0.0-RC.3, and is fixed in 1.11.38 and...
EUVD-2026-21569
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a...
📄 Splunk Enterprise 8.2.9 / 9.0.2 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a user...
Unity Linux 20.1070e Security Update: php (UTSA-2025-984669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984669 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML...
EUVD-2022-3697
Malicious code in bioql PyPI...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
Linux Distros Unpatched Vulnerability : CVE-2017-1000190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. CVE-2017-1000190 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2021-21707
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename...
BIT-LIBPHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
BIT-LIBPHP-2021-21707 Special characters break path parsing in XML functions
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
BIT-PHP-MIN-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
BIT-PHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
CBL Mariner 2.0 Security Update: php (CVE-2025-1219)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1219 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...