159 matches found
CVE-2025-58767
CVE-2025-58767 affects the Ruby XML toolkit REXML. The vulnerability exists in the REXML gem for versions 3.3.3–3.4.1 when parsing XML containing multiple XML declarations, leading to a DoS. A fix is available in REXML 3.4.2 and later. Remediate by upgrading to a patched version (3.4.2+). The con...
PT-2025-38243
Name of the Vulnerable Software and Affected Versions REXML versions 3.3.3 through 3.4.1 Description REXML, an XML toolkit for Ruby, is susceptible to a denial-of-service issue when processing XML data containing multiple XML declarations. Parsing untrusted XMLs may lead to this issue...
REXML has DoS condition when parsing malformed XML file
Impact The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be affected by this vulnerability. Patches REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...
REXML resource management error vulnerability
REXML is an open-source XML toolkit for Ruby. A resource management error vulnerability exists in REXML versions 3.3.3 through 3.4.1, which stems from mishandling when parsing XML containing multiple XML declarations, and could lead to a denial of service attack...
This Week in Spring - September 16th, 2025
Hi, Spring fans! Welcome to another extra special installment of This Week in Spring , wherein we celebrate a very auspicious day indeed: the release of Java 25 and GraalVM 25! That's right: an incredible new iteration of the JVM has just dropped and with it come a ton of features! Let's go throu...
Security update for tiff
This update for tiff fixes the following issues: Updated TIFFMergeFieldInfo with readcount=writecount=0 for FIELDIGNORE bsc1243503 CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c bsc1247108 CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow when processing...
BIT-LIBPYTHON-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
HashiCorp Vault Enterprise and HashiCorp Vault Community security vulnerability
HashiCorp Vault Enterprise and HashiCorp Vault Community are both products of HashiCorp, Inc. of the U.S. HashiCorp Vault Enterprise is an enterprise information archiving platform. HashiCorp Vault Community is a key management engine used to...
fast-jwt security vulnerability
fast-jwt is a JSON Web Token implementation open-sourced by Nearform. A security vulnerability exists in fast-jwt versions prior to 5.0.6, which stems from improper validation of iss declarations and could lead to a forged JWT...
PT-2025-40072
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow issue was identified and resolved in the e1000 set eeprom function. The fix involves adding input validation for the length of changes requested in the EEPROM. The variab...
Security Bulletin: Vulnerability in QOS.CH reload4j affects watsonx.data
Summary QOS.CH reload4j could allow a remote attacker to access sensitive information or perform server-side attacks on watsonx.data. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allows a remote attacker to obtain sensitive information, caused by improper handling of X...
Fedora: Security Advisory for gnulib (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 40 Update: string-template-maven-plugin-1.1-13.fc40
This plugin allows you to execute StringTemplate template files during your build. The values for templates can come from static declarations or from a Java class specified to be executed...
BIT-GOLANG-2022-1962 Stack exhaustion due to deeply nested types in go/parser
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...
Red Hat 3scale Security Vulnerability
Red Hat 3scale is a suite of API (Application Programming Interface) lifecycle management software from Red Hat. A security vulnerability exists in Red Hat 3scale that stems from JWT handling that incorrectly validates the algorithm declaration in token headers. An attacker could use...
CLSA-2023-1696880318 python2: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696879417 python2: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696878189 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696878020 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696877835 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...