Lucene search

21 matches found

CNNVD
added 2026/04/16 12:0 a.m. · 4 views

Eaton Intelligent Power Protector Security Vulnerability

Eaton Intelligent Power Protector is a power protection software developed by the American company Eaton. There is a security vulnerability in Eaton Intelligent Power Protector, which stems from improper XML input validation. This vulnerability could allow attackers with administrative privileges...

7.2 CVSS · 6.1 AI score · 0.0003 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/02/26 3:10 p.m. · 6 views

CVE-2026-27942

A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the preserveOrder option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS). Mitigation: To...

7.5 CVSS · 5.7 AI score · 0.00018 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2026/01/16 12:0 a.m. · 4 views

Hanwha Vision Camera Improper Neutralization of Input During Web Page Generation (CVE-2025-8075)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

5.8 CVSS · 8.4 AI score · 0.00011 EPSS
Exploits 0 · References 2
Cvelist
added 2025/12/26 4:31 a.m. · 18 views

CVE-2025-8075 Improper Input Validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

5.8 CVSS · 0.00011 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/12/26 4:31 a.m. · 1 views

CVE-2025-8075 Improper Input Validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

5.8 CVSS · 6 AI score · 0.00011 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-42813

Malicious code in bioql PyPI...

5.3 CVSS · 6.5 AI score · 0.00126 EPSS
Exploits 0 · References 2
NVD
added 2025/05/05 9:15 a.m. · 21 views

CVE-2025-2905

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1 CVSS · 0.00134 EPSS
Exploits 0 · References 1
Cvelist
added 2025/05/05 9:2 a.m. · 25 views

CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1 CVSS · 0.00134 EPSS
Exploits 0 · References 1
NVD
added 2024/12/10 1:15 a.m. · 7 views

CVE-2024-47582

Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application...

5.3 CVSS · 0.00126 EPSS
Exploits 0 · References 2
CVE
added 2024/12/10 12:12 a.m. · 46 views

CVE-2024-47582

CVE-2024-47582 affects SAP NetWeaver Application Server for Java. The root cause is missing validation of XML input, enabling an unauthenticated attacker to send malicious XML to an endpoint, triggering an XML Entity Expansion attack with limited impact on availability. The vulnerability is descr...

5.3 CVSS · 5.3 AI score · 0.00126 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/12/10 12:0 a.m. · 1 views

PT-2024-32663 · Sap Se · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to missing validation of XML input, which allows an unauthenticated attacker to send malicious input to an endpoint. This leads to ...

5.3 CVSS · 6.3 AI score · 0.00126 EPSS
Exploits 0 · References 8
Veracode
added 2024/08/29 10:48 a.m. · 9 views

Local File Bypass

phpoffice/phpspreadsheet is vulnerable to Local File Bypass. The vulnerability is due to improper validation and handling of XML input within XmlScanner.php, which allows attackers to exploit XXE to access local file contents...

8.8 CVSS · 6.5 AI score · 0.00155 EPSS
Exploits 1 · References 2 · Affected Software 1
SUSE CVE
added 2023/08/16 2:21 a.m. · 1 views

SUSE CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS · 8.6 AI score · 0.5897 EPSS
Exploits 0 · References 5
OSV
added 2023/08/15 6:15 p.m. · 13 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS · 5.2 AI score
Exploits 0 · References 6
CNNVD
added 2023/08/15 12:0 a.m. · 2 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient input validation in XML, and can be exploited by remote attackers to bypass file access restrictions via a...

8.8 CVSS · 6.4 AI score · 0.5897 EPSS
Exploits 0 · References 10
Tenable Nessus
added 2021/07/15 12:0 a.m. · 45 views

Cisco Web Security Appliance Privilege Escalation (cisco-sa-scr-web-priv-esc-k3HCGJZ)

According to its self-reported version, Cisco Web Security Appliance is affected by a privilege escalation vulnerability. A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injectio...

9 CVSS · 8.4 AI score · 0.01177 EPSS
Exploits 0 · References 3
ThreatPost
added 2021/07/09 5:31 p.m. · 81 views

Cisco BPA, WSA Bugs Allow Remote Cyberattacks

A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...

9 CVSS · 8.1 AI score · 0.01529 EPSS
Exploits 0 · References 5
NVD
added 2021/07/08 7:15 p.m. · 13 views

CVE-2021-1359

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

9 CVSS · 0.01177 EPSS
Exploits 0 · References 1
CNNVD
added 2020/11/17 12:0 a.m. · 2 views

TYPO3 Code Issue Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. TYPO3 suffers from a security vulnerability that stems from insufficient validation of user-supplied XML input in RSS widgets, which can be exploited by a remote user to pass specially...

3.7 CVSS · 6 AI score · 0.0027 EPSS
Exploits 0 · References 4
0day.today
added 2020/08/01 12:0 a.m. · 831 views

SharePoint DataSet / DataTable Deserialization Exploit

A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint...

7.8 CVSS · 8.1 AI score · 0.9343 EPSS
Exploits 10