PT-2026-47813

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-10884

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-11020

CVE-2026-11020 concerns Google Chrome (Chromium-based) extensions. The initial description and connected advisories confirm an inappropriate implementation in Extensions that could allow a remote attacker to leak cross-origin data via a crafted XML file. The vulnerability is tied to Chrome versio...

CVE-2026-9112

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-7896

Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

JLSEC-2026-384

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

PT-2026-35252

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

PT-2025-47220

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Description A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2022-47950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the...

UBUNTU-CVE-2024-41881

SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user's environme...

DEBIAN-CVE-2024-3172

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2016-1837

Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...

The vulnerability of the AddCell function in the web server of the microprogramming software for building automation modules Desigo PXC4 and PXC5 allows a hacker to execute arbitrary code by injecting specially crafted XML into the XLS report file.

The vulnerability of the AddCell function in the web server of the microprogramming software for building automation modules, Desigo PXC4 and PXC5, is related to errors during the elimination of special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

Unspecified Vulnerability in MojoHaus Exec Maven plugin for Maven

MojoHaus Exec Maven plugin for Maven is a use in Maven software project management and automated build tools to support the execution of Java programs in the plug-in . A security vulnerability exists in MojoHaus Exec Maven plugin for Maven version 1.1.1. The vulnerability can be exploited by an...

Mini-XML Denial of Service Vulnerability

Mini-XML also known as mxml is a small XML parser developed using the C language . A denial of service vulnerability exists in the 'mxmlAdd' function of the mxml-node.c file in Mini-XML version 2.12. A remote attacker can exploit this vulnerability with a specially crafted xml file to cause a...

The vulnerability of the Zabbix universal monitoring system arises from incorrect restrictions on XML links to external objects, allowing a perpetrator to execute arbitrary code or read arbitrary files.

The vulnerability of the Zabbix universal monitoring system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or read arbitrary files using a specially crafted XML request...

The vulnerability of the OpenSUSE Leap operating system allows a hacker to trigger a service failure.

The vulnerability of the MSL interpreter in the OpenSUSE Leap operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures segmentation errors and application termination by using a...