Lucene search
+L

1054 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/17 11:59 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034.

Summary IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66034 DESCRIPTION: fontTools is a library fo...

9.8CVSS6.4AI score0.00496EPSS
Exploits9Affected Software1
GithubExploit
GithubExploit
added 2026/03/16 10:43 a.m.353 views

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...

9.8CVSS6.1AI score0.00496EPSS
Exploits9
EUVD
EUVD
added 2026/03/04 9:31 a.m.8 views

EUVD-2026-9365

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

5.3CVSS6AI score0.00367EPSS
Exploits1References2
NVD
NVD
added 2026/03/04 7:16 a.m.9 views

CVE-2026-28770

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

8.8CVSS0.00367EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/04 7:6 a.m.5 views

CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

5.3CVSS6AI score0.00367EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 7:6 a.m.6 views

CVE-2026-28770

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

5.3CVSS6AI score0.00367EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/04 7:6 a.m.18 views

CVE-2026-28770

CVE-2026-28770 affects IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The issue is improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script, where input from the file parameter is echoed unsanitized into a CDATA block, enabling an a...

8.8CVSS6AI score0.00367EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

8.8CVSS5.8AI score0.00367EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.9 views

PT-2026-22872

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 Description The application does not properly neutralize special elements within the /IDC Logging/checkifdone.cgi script,...

5.3CVSS6AI score0.00367EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:45 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools [CVE-2025-66034]

Summary IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools, an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed CVE-2025-66034. fontTools is used in our service runtimes. This vulnerabilitiy has...

9.8CVSS6.5AI score0.00496EPSS
Exploits9Affected Software1
Veracode
Veracode
added 2026/02/16 10:39 a.m.10 views

XML Injection

jsPDF is vulnerable to XML Injection. The vulnerability is due to improper input sanitization in the addMetadata function, which allows an attacker to inject arbitrary XMP metadata into generated PDFs and compromise their integrity when the input is unsanitized...

6.9CVSS5.8AI score0.00253EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/04 9:15 p.m.7 views

CVE-2026-1554

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

4.2CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:26 p.m.4 views

CVE-2026-1554

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

5.4AI score0.00152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/04 8:26 p.m.5 views

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

4.2CVSS5.9AI score0.00152EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

Drupal Central Authentication System Server 安全漏洞

The Drupal Central Authentication System Server is a CAS authentication center module developed by the Drupal company. Versions prior to 2.0.3 and 2.1.2 of the Drupal Central Authentication System Server had security vulnerabilities. These vulnerabilities were caused by XML injection, which could...

4.2CVSS5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 8:34 p.m.4 views

CVE-2026-24043

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

6.9CVSS5.5AI score0.00253EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/02 8:34 p.m.7 views

CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

6.9CVSS5.5AI score0.00253EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/02 6:28 p.m.4 views

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document authorship or other metadata fields. Workaround...

6.9CVSS6.1AI score0.00253EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.13 views

PT-2026-5717

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...

6.9CVSS5.5AI score0.00253EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5243

Name of the Vulnerable Software and Affected Versions Drupal Central Authentication System CAS Server versions prior to 2.0.3 Drupal Central Authentication System CAS Server versions 2.1.0 through 2.1.1 Description The Central Authentication System CAS Server module for Drupal does not adequately...

4.2CVSS5.7AI score0.00152EPSS
Exploits0References8
Rows per page
Query Builder