33 matches found
CVE-2026-24043
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...
CVE-2024-34740
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2022-4967
Malicious code in bioql PyPI...
HCL Unica Platform Code Issue Vulnerability
HCL Technologies HCL Unica Platform is a state-of-the-art enterprise automated marketing platform from HCL Technologies, USA. No manual effort is required to handle routine marketing tasks and capture the most effective leads. A security vulnerability exists in HCL Unica Platform versions 12.x...
GHSA-QJ27-W92H-FC9R XML external entity (XXE) vulnerability in Jenkins
XML external entity XXE vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...
Design/Logic Flaw
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
CVE-2020-15593
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
Code injection
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
CVE-2015-1809
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...
CVE-2015-1811
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...
Xxe
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...
CVE-2015-1809
CVE-2015-1809 describes an XML External Entity (XXE) vulnerability in CloudBees Jenkins prior to 1.600 and in LTS releases prior to 1.596.1. The vulnerability arises from Jenkins' XPath/XML handling, allowing a remote attacker with read access to read arbitrary XML files on the Jenkins server. Af...
Digital Paradise Mobile Office Middleware Interface Arbitrary XML File Read Vulnerability
Digital Paradise's MKey3G mobile office middleware is an enterprise-oriented application BYOD middleware platform, which has been widely used in energy, finance, government and enterprises. There is an arbitrary XML file reading vulnerability in the interface of Digital Paradise's mobile office...
jenkins: external entity injection via XPath (SECURITY-165)
It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server...
Pentaho 4.5.0 - User Console XML Injection
======================================================================== title: Pentaho User Console XML Injection Vulnerability program: Pentaho BI User Console vulnerable version: Pentaho was injected into the XML of the client's POST request. This tag...
Pentaho < 4.5.0 - User Console XML Injection
======================================================================== title: Pentaho User Console XML Injection Vulnerability program: Pentaho BI User Console vulnerable version: Pentaho was injected into the XML of the client's POST request. This tag defines an external entity, xxe8295c, whic...