Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK versions 2020.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to the disclosure of arbitrary memory. An attacker could exploit this vulnerability to bypass security measures such as ASLR. Exploiting this issue requires user interaction, as the...

Astra Linux – Vulnerability in libxml2

A vulnerability was discovered in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to create a malicious XML input file that can cause libxml to crash, resulting in a denial of service or other undefined...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by an improper input validation vulnerability, which may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

Arista Networks EOS Tunnel Decapsulation Improper Validation (SA0137)

On affected platforms running Arista EOS where a tunnel decapsulation configuration - such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface - is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets wit...

guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...

CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

CVE-2026-45656

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally...

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability

...

Qualcomm Fastboot UEFI Vulnerabilities - Lenovo Support US

No description provided...

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

A Bayesian Network Approach for Enhancing Security-Focused Decision Support Systems

The adoption and integration of heterogeneous stacks in most of today's open-source based networks brings clear benefits like interoperability and availability of advanced features. Yet, on the other hand the increasing number of interconnecting components and moving parts requires maintaining an...

Microsoft Windows UEFI 处理逻辑错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows UEFI. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are affected: Windows 11...

Schneider Electric Data Center Expert 代码问题漏洞

Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

Arista Extensible Operating System EOS contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP...

CVE-2026-46490

CVE-2026-46490 affects samlify (Node.js) prior to v2.13.0. The issue: template substitution only escapes attribute contexts; values placed in element text (e.g., saml:AttributeValue ) aren’t escaped. An attacker can inject XML markup into attribute values (e.g., email, name) and insert new saml:A...

Routinator crashes when encountering maliciously crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

CVE-2026-11196

A type confusion flaw was found in the XML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503879106...

CVE-2026-11169

An inappropriate implementation flaw was found in the XML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502285273...