42 matches found
CVE-2026-23687
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...
EUVD-2014-2268
Malware in sbrugna...
EUVD-2022-5599
Malicious code in bioql PyPI...
EUVD-2022-29948
Malicious code in bioql PyPI...
EUVD-2022-41311
Malicious code in bioql PyPI...
XML Signature Bypass
xml-crypto is vulnerable to an XML Signature Bypass. The vulnerability is due to improper validation of signed XML structures, allowing an attacker to modify a signed XML message while still passing signature verification checks...
xml-crypto data forgery vulnerability
NPM xml-crypto is a digital signature and encryption library from NPM. A security vulnerability exists in xml-crypto version 6.0.0 and earlier that stems from bypassing authentication or authorization mechanisms, allowing an attacker to modify valid signed XML messages...
NPM xml-crypto data forgery vulnerability
NPM xml-crypto is a digital signature and cryptography library from NPM. A security vulnerability exists in NPM xml-crypto version 6.0.0 and earlier that stems from bypassing authentication or authorization mechanisms, allowing an attacker to modify valid signed XML messages...
CVE-2022-38744 FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML...
Apache ActiveMQ Apollo XXE Vulnerability
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath-based selector when dequeuing XML messages...
GHSA-WMHW-HPWH-44PG Apache ActiveMQ Apollo XXE Vulnerability
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath-based selector when dequeuing XML messages...
GHSA-FJ28-869X-VV5G SimpleSAMLphp InfoCard module Incorrect signature verification
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
SimpleSAMLphp InfoCard module Incorrect signature verification
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
CVE-2022-25251
When connecting to a certain port, Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated...
CVE-2022-25251
When connecting to a certain port, Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, which allows an attacker to read and modify configuration data.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages. Exploiting this vulnerability allows a malicious actor to read and modify configuration data remotely...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, allowing a hacker to gain full control over the operating system.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the use of strictly encrypted login credentials during the installation of UltraVNC. Exploiting this vulnerability can allow a malicious actor to gain full control over the operating...
TinyXML Infinite Loop Vulnerability
TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...
eCNS280 code issue vulnerability
Huawei eCNS280 is the core network equipment of Huawei's wireless broadband trunking system in China. In addition to providing traditional core network functions, it also provides network elements with capacity configurations based on actual applications by virtualizing network element functions...
Tenable SecurityCenter 5.9.x to 5.12.x SimpleSAMLPHP Privilege Escalation (TNS-2020-01)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is 5.9.x, 5.10.x, 5.11.x or 5.12.x. It is, therefore, affected by a privilege escalation vulnerability due to incorrect validation of cryptographic signatures in XML messages in the...