6 matches found
CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes
fast-xml-builder builds XML from JSON. Prior to 1.1.7, when input data has quotes in attribute values but process entities is not enabled, the builder breaks the attribute value into multiple attributes. This gives an attacker room to insert unwanted attributes into the XML/HTML. This vulnerabili...
EUVD-2025-27001
Malicious code in bioql PyPI...
Obsidian GitHub Copilot Plugin Security Vulnerability
Obsidian GitHub Copilot Plugin is a GitHub Copilot plugin by the individual developer Pierre-Adrien Vasseur. A security vulnerability exists in versions of Obsidian GitHub Copilot Plugin prior to 1.1.7, which stems from storing GitHub API tokens in clear-text form, which could lead to unauthorize...
muhttpd Path Traversal Vulnerability
muhttpd is a simple but complete web server by the individual developer inglorion. Written in portable ANSI C, it supports logging, CGI scripting, MIME type based handlers and HTTPS. A security vulnerability exists in muhttpd versions prior to 1.1.7. An attacker could exploit this vulnerability to...
Synology Router Manager Command Injection Vulnerability (CNVD-2019-08959)
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A command injection vulnerability exists in ftpd in Synology SRM versions prior to 1.1.7-6941-1. The vulnerability, which originates from a failure of a network system or...
CVE-2018-3758
Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access to the hosting machine...