EUVD-2026-34469

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...

CVE-2026-11035

CVE-2026-11035 describes an inappropriate implementation in Google Chrome for Android’s Custom Tabs prior to version 149.0.7827.53, enabling a local attacker to escalate privileges via a crafted XML file. The underlying issue is in the Custom Tabs integration, leading to total impact on confident...

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

FacturaScripts 2025.43 - XSS

Exploit Title: FacturaScripts 2025.43 - XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 Vendor Homepage: https://facturascripts.com/ Software Link: https://github.com/NeoRazorX/facturascripts Affected Versions: = 2025.4, = 2025.11, =...

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

CVE-2025-67289

CVE-2025-67289 affects Frappe Framework, specifically the Attachments module in v15.89.0. The vulnerability allows arbitrary code execution through uploading a crafted XML file, enabling an attacker to run code on the server. The CVSS v3.1 base score is 9.6 (CRITICAL) with network access, no priv...

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

EUVD-2018-13145

Malware in sbrugna...

EUVD-2016-5557

Malware in sbrugna...

EUVD-2018-20845

Malware in sbrugna...

EUVD-2018-1930

Malware in sbrugna...

EUVD-2023-28248

Malicious code in bioql PyPI...

EUVD-2022-46474

Malicious code in bioql PyPI...

EUVD-2023-46128

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-7751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The svgprobe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service Infinite Loop via a crafted XML file...

The vulnerability of the Windows operating system’s event log allows a hacker to trigger a memory buffer overflow and re-write the XML log generated by the task scheduler.

The vulnerability of Windows operating system event logs is related to insufficient checking of values in XML log fields. Exploiting this vulnerability can allow an attacker to cause a memory buffer overflow in the event log and re-write it by sending a specially crafted XML file...

CVE-2024-51367

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file...

CVE-2023-33693

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...

CVE-2025-25589

An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

CVE-2025-25361

CVE-2025-25361 affects PublicCMS v4.0.202406, with an arbitrary file upload vulnerability in /cms/CmsWebFileAdminController.java that enables remote code execution by uploading crafted SVG/XML files. CVSSv3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8, CRITICAL). Exploitation context ...