
993 matches found

EUVD
added 2 days ago, 5 views

EUVD-2026-40521

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score: 5.8, EPSS: 0.0028
Exploits: 0, References: 3
CVE
added 3 days ago, 8 views

CVE-2026-13449

IBM Business Automation Manager Open Editions (versions 9.0.0–9.4.2) are vulnerable to an XML External Entity (XXE) attack when processing XML data, potentially exposing sensitive information or exhausting memory. Root cause: XXE in XML processing. Impact: confidentiality and availability risks a...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00387
Exploits: 0, References: 1, Affected Software: 1
CVE
added last week, 14 views

CVE-2026-55975

CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...

CVSS: 8.6, AI score: 5.9, EPSS: 0.00653
Exploits: 0, References: 3
Debian CVE
added 2026/06/25 2:30 p.m., 5 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

CVSS: 2.6, AI score: 5.8, EPSS: 0.00166
Exploits: 0
EUVD
added 2026/06/23 12:13 p.m., 7 views

EUVD-2026-38442

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads...

CVSS: 7.1, AI score: 6, EPSS: 0.00233
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in libjettison-java

Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to out-of-memory conditions. This vulnerability could potentially allow for...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01256
Exploits: 0, References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in netcdf

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode performs incorrect memory handling during the parsing of crafted XML files, resulting in a heap out-of-bounds read...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00917
Exploits: 1, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in netcdf

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, when parsing a crafted XML file, performs incorrect memory handling, resulting in a NULL pointer being dereferenced while running strlen on a NULL pointer...

CVSS: 6.5, AI score: 6.6, EPSS: 0.01169
Exploits: 1, References: 2
Github Security Blog
added 2026/06/11 1:5 p.m., 13 views

guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Impact: guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator ]]>. The XML request serializer writes values containing <, > or & with XMLWriter::writeCData($value). If attacker-controlled input contains ]]>, the CDATA section closes early and the...

CVSS: 5.8, AI score: 5.4, EPSS: 0.00219
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/06/11 12:42 p.m., 26 views

CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior to 1.5.4 do not safely serialize scalar XML element values containing...

CVSS: 5.8, EPSS: 0.00219
Exploits: 0, References: 1
RedhatCVE
added 2026/06/10 2:59 p.m., 12 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

CVSS: 7.1, AI score: 5.4, EPSS: 0.00233
Exploits: 0, References: 1
OSV
added 2026/06/09 2:33 p.m., 5 views

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue: CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences (bsc#1264715)...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00531
Exploits: 0, References: 3
CNNVD
added 2026/06/09 12:0 a.m., 14 views

Schneider Electric Data Center Expert Code Issue Vulnerability

Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...

CVSS: 7.1, AI score: 5.4, EPSS: 0.00233
Exploits: 0, References: 2
CVE
added 2026/06/08 6:41 p.m., 34 views

CVE-2026-46490

CVE-2026-46490 affects samlify (Node.js) prior to v2.13.0. The issue: template substitution only escapes attribute contexts; values placed in element text (e.g., saml:AttributeValue) aren’t escaped. An attacker can inject XML markup into attribute values (e.g., email, name) and insert new saml:A...

CVSS: 8.8, AI score: 5.4, EPSS: 0.00383
Exploits: 2, References: 1, Affected Software: 1
Github Security Blog
added 2026/06/08 3:33 p.m., 9 views

Routinator crashes when encountering maliciously crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

CVSS: 8.7, AI score: 5.2, EPSS: 0.00358
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2026/06/07 5:8 a.m., 9 views

CVE-2026-11196

A type confusion flaw was found in the XML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503879106...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00228
Exploits: 0, References: 5
RedhatCVE
added 2026/06/07 5:8 a.m., 11 views

CVE-2026-11169

An inappropriate implementation flaw was found in the XML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502285273...

CVSS: 8.1, AI score: 5.4, EPSS: 0.00211
Exploits: 0, References: 5
SUSE CVE
added 2026/06/07 4:42 a.m., 9 views

SUSE CVE-2026-11196

Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. Chromium security severity: Medium...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00228
Exploits: 0, References: 2
RedhatCVE
added 2026/06/05 7:38 p.m., 7 views

CVE-2026-21999

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction...

CVSS: 5.3, AI score: 7.4, EPSS: 0.00227
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:20 p.m., 9 views

CVE-2026-41675

A flaw was found in xmldom. A remote attacker can exploit this vulnerability by providing specially crafted processing instruction data. Due to improper validation of the processing instruction closing sequence, the attacker can terminate the instruction prematurely and inject arbitrary XML nodes...

CVSS: 8.7, AI score: 5.2, EPSS: 0.00408
Exploits: 0, References: 7