pypdf 安全漏洞

pypdf is an open-source, free, and pure Python PDF library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages of PDF files. Prior to version 6.10.0, pypdf had a security vulnerability. This vulnerability stemmed from the manipulated XMP metadata entity...

Security update for expat

This update for expat fixes the following issues: CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. CVE-2026-32778: NUL...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the external parameter entity with empty text if referenced inside an entity declaration value processing. An attacker can cause a denial of service by providing empty content to this component. Remediation...

CVE-2013-6244

The Live Update webdynpro application webdynpro/dispatcher/sap.com/tcslmuilup/LUP in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an...

NULL Pointer Dereference

Overview libxmljs is a libxml bindings for v8 javascript engine Affected versions of this package are vulnerable to NULL Pointer Dereference in the parsing process of specially crafted XML documents when accessing the ref property on entityref and entitydecl nodes. An attacker can cause a...

CVE-2025-25341

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

CVE-2025-25341

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

EUVD-2025-205443

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

PT-2025-53592

Name of the Vulnerable Software and Affected Versions libxmljs version 1.0.11 Description A flaw exists in libxmljs when processing a specifically designed XML document. Accessing the internal ref property on entity ref and entity decl nodes can result in a segmentation fault, potentially causing...

expat: internal entity expansion

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...

EUVD-2016-0354

Malware in sbrugna...

EUVD-2015-3022

Malware in sbrugna...

EUVD-2016-0319

Malware in sbrugna...

EUVD-2016-2457

Malware in sbrugna...

EUVD-2013-0350

Malware in sbrugna...

EUVD-2016-0280

Malware in sbrugna...

CVE-2010-3260

oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...

Important: python3

Issue Overview: A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The...

XML Injection in Apache Solr

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function which allows remote attackers to cause a denial of service (resource consumption) send HTTP requests to intranet servers or read arbitrary files via a crafted XML document aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion the responsibility for resolving this issue lies with application developers; according to this argument this entry should be REJECTed and each affected application would need its own CVE.

...