Lucene search

146 matches found

RedhatCVE
added 2026/05/05 12:5 p.m. · 2 views

CVE-2026-43507

A flaw was found in Prosody. An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted XML data, leading to excessive memory consumption. This memory exhaustion can cause a Denial of Service (DoS), making the service unavailable to legitimate users...

CVSS 7.5 · AI score 5.8 · EPSS 0.00077
Exploits: 0 · References: 2
Cvelist
added 2025/10/08 12:0 a.m. · 5 views

CVE-2025-60833

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

EPSS 0.00083
Exploits: 1 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-0961

Malware in sbrugna...

CVSS 9.1 · AI score 9.3 · EPSS 0.0073
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2015-7839

Malware in sbrugna...

CVSS 6.8 · AI score 8.1 · EPSS 0.01012
Exploits: 1 · References: 39
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-0980

Malware in sbrugna...

CVSS 7.1 · AI score 7 · EPSS 0.00452
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-0431

Malware in sbrugna...

CVSS 7.1 · AI score 7.9 · EPSS 0.01078
Exploits: 1 · References: 38
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2014-3588

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00676
Exploits: 0 · References: 7
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-5381

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 8 · EPSS 0.00111
Exploits: 0 · References: 13
Positive Technologies
added 2024/06/11 12:0 a.m. · 1 views

PT-2024-4214 · Aveva · Aveva Pi Asset Framework Client

Name of the Vulnerable Software and Affected Versions: AVEVA PI Asset Framework Client (affected versions not specified). Description: The issue allows malicious code to execute on the PI System Explorer environment under the privileges of an interactive user. This can happen when an attacker social...

CVSS 7.8 · AI score 7.5 · EPSS 0.00139
Exploits: 0 · References: 7
Tenable Nessus
added 2024/05/11 12:0 a.m. · 12 views

RHEL 6 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) - expat:...

AI score 9.6 · EPSS 0.05614
Exploits: 8 · References: 19
Veracode
added 2024/04/17 8:18 a.m. · 13 views

XML External Entity (XXE)

scrapy is vulnerable to XML External Entity (XXE). The vulnerability is due to the lxml.etree.fromstring function which lacks input validation, enabling attackers to execute denial of service attacks, access local files, create network connections, or bypass firewalls through specially crafted XML...

CVSS 7.5 · AI score 7 · EPSS 0.00161
Exploits: 1 · References: 5 · Affected Software: 1
Vulnrichment
added 2024/04/16 12:0 a.m. · 13 views

CVE-2024-3572 XML External Entity (XXE) Vulnerability in scrapy/scrapy

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

CVSS 7.5 · AI score 6.6 · EPSS 0.00161
Exploits: 1 · References: 2
F5 Networks
added 2023/02/21 7:38 p.m. · 42 views

K35240323: PHP vulnerability CVE-2016-4539

Security Advisory Description: The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML da...

CVSS 9.8 · AI score 9.4 · EPSS 0.04506
Exploits: 1 · Affected Software: 21
F5 Networks
added 2023/02/21 6:34 p.m. · 53 views

K15104541: Expat XML library vulnerability CVE-2015-1283

Security Advisory Description: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact v...

CVSS 6.8 · AI score 8.5 · EPSS 0.00521
Exploits: 0 · Affected Software: 24
F5 Networks
added 2023/02/21 6:33 p.m. · 40 views

K22232964: Expat XML library vulnerability CVE-2016-4472

Security Advisory Description: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an...

CVSS 8.1 · AI score 9.1 · EPSS 0.02271
Exploits: 0 · Affected Software: 1
SUSE CVE
added 2023/02/15 5:21 a.m. · 2 views

SUSE CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related...

CVSS 6.8 · AI score 9.5 · EPSS 0.00521
Exploits: 0 · References: 30
SUSE CVE
added 2023/02/15 5:21 a.m. · 1 views

SUSE CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...

CVSS 5 · AI score 6.9 · EPSS 0.02045
Exploits: 0 · References: 9
SUSE CVE
added 2023/02/15 5:16 a.m. · 1 views

SUSE CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

CVSS 7.1 · AI score 6.9 · EPSS 0.01078
Exploits: 1 · References: 10
SUSE CVE
added 2023/02/15 5:12 a.m. · 1 views

SUSE CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...

CVSS 2.6 · AI score 9.1 · EPSS 0.01006
Exploits: 1 · References: 8
Tenable Nessus
added 2022/09/10 12:0 a.m. · 30 views

Debian dla-3101 : libxslt1-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3101 advisory. Debian LTS Advisory DLA-3101-1...

CVSS 8.8 · AI score 7.9 · EPSS 0.00111
Exploits: 0 · References: 6