IBM InfoSphere Information Server 代码问题漏洞

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server ranging from 11.7.0.0 to 11.7.1.6...

xxe-blind

XXE Out-of-Band File Exfiltration Tool Herramienta en bash pa...

Xerox FreeFlow Core 安全漏洞

Xerox FreeFlow Core is a flexible and easy-to-use software developed by Xerox Corporation. Versions of Xerox FreeFlow Core 8.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from XML external entity vulnerabilities, which could allow malicious users to execute...

CVE-2026-20051

A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service

A flaw was found in the Linux kernel's Virtual Extensible LAN VXLAN implementation. An attacker with elevated privileges CAPNETADMIN can exploit this vulnerability by configuring the system to accept and forward VXLAN packets. The issue arises from an incorrect nexthop hash size, where a 32-bit...

CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

CVE-2025-65519

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

CVE-2025-55853

SoftVision webPDF (before 10.0.2) is affected by a Server-Side Request Forgery (SSRF) in its PDF converter: uploaded XML/HTML can trigger rendering that accesses internal or external resources (http://, file://), enabling internal port scanning and Local File Inclusion (LFI). Multiple sources (NV...

ezBookkeeping 安全漏洞

ezBookkeeping is a lightweight personal accounting application developed by mayswind developers. Versions of ezBookkeeping 1.2.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of nested depths during the processing of JSON and XML file...

Missing XML Validation

Apache Struts is vulnerable to Missing XML Validation. The vulnerability is due to improper validation of XML input data, which allows an attacker to exploit the application by submitting crafted XML content that bypasses security controls...

kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service

A flaw was found in the Linux kernel's Virtual Extensible LAN VXLAN implementation. An attacker with elevated privileges CAPNETADMIN can exploit this vulnerability by configuring the system to accept and forward VXLAN packets. The issue arises from an incorrect nexthop hash size, where a 32-bit...

CLSA-2026-1770735752 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770734875 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CVE-2026-23717

A vulnerability has been identified in Simcenter Femap All versions V2512, Simcenter Nastran All versions V2512. The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the...

CVE-2026-23687

CVE-2026-23687 affects SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML to the verifier, potentially allowing tampered identity information and leading to unauthorized access to...

Siemens Simcenter Femap和Siemens Simcenter Nastran 缓冲区错误漏洞

Siemens Simcenter Femap and Siemens Simcenter Nastran are both products of German company Siemens. Siemens Simcenter Femap is a cutting-edge engineering simulation application designed for creating, editing, and importing/reusing finite element analysis models for complex products or systems...

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...