EUVD-2026-34469

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...

CVE-2026-11169

The CVE-2026-11169 issue affects Google Chrome (Chromium-based) and is described as an inappropriate XML implementation that enables UXSS via a crafted XML file. Affected software is Chrome prior to version 149.0.7827.53. The underlying cause is an improper XML handling path within Chrome/Chromiu...

CVE-2026-11169

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...

CVE-2026-11035

CVE-2026-11035 describes an inappropriate implementation in Google Chrome for Android’s Custom Tabs prior to version 149.0.7827.53, enabling a local attacker to escalate privileges via a crafted XML file. The underlying issue is in the Custom Tabs integration, leading to total impact on confident...

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

FacturaScripts 2025.43 - XSS

Exploit Title: FacturaScripts 2025.43 - XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 Vendor Homepage: https://facturascripts.com/ Software Link: https://github.com/NeoRazorX/facturascripts Affected Versions: = 2025.4, = 2025.11, =...

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

CVE-2026-33899

A flaw was found in ImageMagick. When processing a specially crafted XML file, a remote attacker could exploit an out-of-bounds write vulnerability. This could lead to a denial of service, making the affected program unavailable. Mitigation Mitigation for this issue is either not available or the...

CVE-2025-67289

CVE-2025-67289 affects Frappe Framework, specifically the Attachments module in v15.89.0. The vulnerability allows arbitrary code execution through uploading a crafted XML file, enabling an attacker to run code on the server. The CVSS v3.1 base score is 9.6 (CRITICAL) with network access, no priv...

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

EUVD-2018-13145

Malware in sbrugna...

EUVD-2016-5557

Malware in sbrugna...

EUVD-2018-1930

Malware in sbrugna...

EUVD-2018-20845

Malware in sbrugna...

EUVD-2023-46128

Malicious code in bioql PyPI...

EUVD-2022-46474

Malicious code in bioql PyPI...

EUVD-2023-28248

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-7751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The svgprobe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service Infinite Loop via a crafted XML file...

The vulnerability of the Windows operating system’s event log allows a hacker to trigger a memory buffer overflow and re-write the XML log generated by the task scheduler.

The vulnerability of Windows operating system event logs is related to insufficient checking of values in XML log fields. Exploiting this vulnerability can allow an attacker to cause a memory buffer overflow in the event log and re-write it by sending a specially crafted XML file...

CVE-2024-51367

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file...