CVE-2025-8075
CVE-2025-8075 (Hanwha Vision cameras) : Nozomi Networks Labs reports that validation of incoming XML format requests is insufficient, enabling cross-site scripting (XSS) in the user’s browser. Tenable/Red Hat/NVD records reflect this vulnerability as affecting Hanwha Vision camera platforms; a ma...
Hanwha Vision Camera Security Vulnerability
Hanwha Vision Camera is a series of cameras from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision Camera that stems from insufficient validation of incoming XML-formatted request messages, which could allow an attacker to execute a cross-site scripting attac...
Adobe Experience Manager (AEM) < 6.5.23.0 XML External Entity
Adobe Experience Manager AEM versions prior to 6.5.23.0 are affected by an XML External Entity XXE vulnerability. An attacker could exploit this vulnerability by sending a specially crafted XML request to the affected system, which could lead to unauthorized access to sensitive information or...
EUVD-2012-0369
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-56648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development...
CVE-2025-43801
Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers...
CVE-2018-20160
ZxChat aka ZeXtras Chat, as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd...
CVE-2024-22023
An XML entity expansion or XEE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in order to temporarily cause resource exhaustion, thereby resulting in a limited-time DoS...
SUSE CVE-2007-0047
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...
Mageia: Security Advisory (MGASA-2014-0547)
The remote host is missing an update for the...
dotnet: XML source markup processing remote code execution
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...
PT-2020-20700 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz version 17.12.03 Description: The issue concerns XML-RPC requests being vulnerable to unsafe deserialization and Cross-Site Scripting issues. This allows a remote attacker to execute arbitrary code. Recommendations: For Apache...
Kentico CMS 12.0.14 Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML inp...
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passe...
PT-2020-15355 · Jenkins · Jenkins Rundeck Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin versions 3.6.6 and earlier Description: The issue allows a user with Overall/Read access to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins...
CVE-2018-12463
Summary (CVE-2018-12463, Fortify SSC): An XML External Entity (XXE) vulnerability affects Fortify Software Security Center (SSC) versions 17.1, 17.2, and 18.1, allowing remote unauthenticated attackers to read arbitrary files or perform server-side request forgery (SSRF) via a crafted DTD in XML ...
Microsoft .NET Framework and .NET Core Denial of Service Vulnerability (CNVD-2018-09318)
.NET Framework and .NET Core are both products of Microsoft Corporation. Microsoft .NET Framework is a comprehensive and consistent programming model and development platform for building applications for Windows, Windows Store, Windows Server, and Microsoft Azure. .NET Framework is a comprehensive...
CVE-2017-12355
A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...