297 matches found
CData RSB Connect v22.0.8336 - Server Side Request Forgery
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF. id: CVE-2023-24243 info: name: CData RSB Connect v22.0.8336 - Server Side Request Forgery author: ritikchaddha severity: high description: | CData RSB Connect v22.0.8336 was discovered to contain a...
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...
CData Arc < 23.4.8839 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...
CData Sync < 23.4.8843 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
...
CVE-2026-56412
A flaw was found in libexpat. This vulnerability, present in versions before 2.8.2, stems from improper handling of XML CDATA sections, where the library fails to adequately track the depth of handler calls. This can result in a 'use-after-free' error, a type of memory corruption that could allow...
CVE-2026-56412
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
CVE-2026-56412
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
CVE-2026-56412
In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...
CVE-2026-56412
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
CVE-2026-56412
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
EUVD-2026-38189
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
PT-2026-51248
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where XML TOK DATA CHARS is not considered in the doCdataSection function. This leads to a lack of handler call depth tracking for various calls from within handlers during policy...
XML Injection
Overview Affected versions of this package are vulnerable to XML Injection during request serialization of scalar XML element values. An attacker can smuggle raw XML markup into generated output by supplying a string that contains CDATA terminator . This lets attacker-controlled content break out...
CVE-2026-53723
Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...
guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...
GHSA-Q8R6-5HFW-5JFF guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...
CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...
CVE-2026-53723
Guzzle Services (guzzlehttp/guzzle-services) contains an XML request serialization flaw in versions before 1.5.4 where scalar XML element values may include the CDATA terminator ]]>, causing the CDATA to end early and injecting XML markup into outgoing requests. This is an outgoing request‑bod...
PT-2026-48666
Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...