
1038 matches found

Nuclei | added yesterday | 15 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

CVSS 4.3 | AI score 5.8 | EPSS 0.01609
Exploits: 0

Nuclei | added yesterday | 57 views

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. id: CVE-2023-43187 info: name: NodeBB XML-RPC Request xmlrpc.php - XML Injection author: 0xParth...

CVSS 9.8 | AI score 8.1 | EPSS 0.45401
Exploits: 1 | References: 2

Nuclei | added yesterday | 14 views

Zimbra Collaboration Suite - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...

CVSS 7.5 | AI score 7 | EPSS 0.80906
Exploits: 10 | References: 5

NVD | added 2026/06/11 2:16 p.m. | 10 views

CVE-2026-53723

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy-to-use model structures. Versions prior to 1.5.4 do not safely serialize scalar XML element values containing...

CVSS 5.8 | EPSS 0.00219
Exploits: 0 | References: 1

Vulnrichment | added 2026/06/11 12:42 p.m. | 8 views

CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy-to-use model structures. Versions prior to 1.5.4 do not safely serialize scalar XML element values containing...

CVSS 5.8 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 1

EUVD | added 2026/06/11 12:42 p.m. | 8 views

EUVD-2026-36242

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy-to-use model structures. Versions prior to 1.5.4 do not safely serialize scalar XML element values containing...

CVSS 5.8 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 1

RedhatCVE | added 2026/06/09 8:59 p.m. | 9 views

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVSS 8.8 | AI score 5.3 | EPSS 0.00321
Exploits: 1 | References: 1

IBM Security Bulletins | added 2026/06/09 8:37 a.m. | 7 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to xmldom (CVE-2026-41672, CVE-2026-41673, CVE-2026-41674 & CVE-2026-41675)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to xmldom. Vulnerability Details CVEID:CVE-2026-41672 DESCRIPTION: xmldom is a pure...

CVSS 8.7 | AI score 5.6 | EPSS 0.00557
Exploits: 0 | Affected Software: 1

ATTACKERKB | added 2026/06/08 6:41 p.m. | 3 views

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVSS 8.7 | AI score 5.3 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment | added 2026/06/08 6:41 p.m. | 5 views

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVSS 8.7 | AI score 5.4 | EPSS 0.00321
Exploits: 1 | References: 1

EUVD | added 2026/06/08 6:41 p.m. | 7 views

EUVD-2026-35188

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVSS 8.7 | AI score 5.3 | EPSS 0.00321
Exploits: 1 | References: 1

Cvelist | added 2026/06/08 6:41 p.m. | 31 views

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVSS 8.7 | EPSS 0.00321
Exploits: 1 | References: 1

CNNVD | added 2026/06/08 12:0 a.m. | 7 views

samlify Security Vulnerability

Samlify is a Node.js library developed by TNGAN’s individual developers, used for SAML SSO. Versions of Samlify prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from template substitution only escaping attribute contexts, while values within element texts were not...

CVSS 8.8 | AI score 5.3 | EPSS 0.00321
Exploits: 1 | References: 2

Vulnrichment | added 2026/06/04 11:5 p.m. | 7 views

CVE-2026-11169

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted XML file. (Chromium security severity: Medium)...

AI score 5.6 | EPSS 0.00211
Exploits: 0 | References: 2

CVE | added 2026/06/04 11:5 p.m. | 13 views

CVE-2026-11169

The CVE-2026-11169 issue affects Google Chrome (Chromium-based) and is described as an inappropriate XML implementation that enables UXSS via a crafted XML file. Affected software is Chrome prior to version 149.0.7827.53. The underlying cause is an improper XML handling path within Chrome/Chromiu...

CVSS 8.1 | AI score 6 | EPSS 0.00211
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins | added 2026/06/02 3:38 p.m. | 5 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-44664 DESCRIPTION: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using...

CVSS 6.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | Affected Software: 1

IBM Security Bulletins | added 2026/06/02 3:37 p.m. | 8 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-44664 DESCRIPTION: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment...

CVSS 6.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | Affected Software: 1

CNNVD | added 2026/06/02 12:0 a.m. | 4 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper XML implementation. A remote attacker could inject arbitrary scripts or HTML through a specially crafted XML file...

CVSS 8.1 | AI score 5.5 | EPSS 0.00211
Exploits: 0 | References: 3

IBM Security Bulletins | added 2026/06/01 9:47 a.m. | 14 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom. CVE-2026-34601 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

CVSS 7.5 | AI score 5.7 | EPSS 0.00424
Exploits: 0 | Affected Software: 1

IBM Security Bulletins | added 2026/06/01 8:35 a.m. | 7 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses fast-xml-parser-5.3.6.tgz, mlflow-3.9.0rc0-py3-none-any.whl, bcpkix-jdk18on-1.79.jar, pythonmultipart-0.0.24-py3-none-any.whl, bcprov-jdk18on-1.79.jar, spring-security-core-6.5.9.jar, spring-boot-autoconfigure-3.5.13.jar, spring-web-6.2.17.jar,...

CVSS 9.8 | AI score 5.9 | EPSS 0.00494
Exploits: 4 | Affected Software: 1