
2080 matches found

NVD
added 2026/01/15 3:15 p.m., 10 views

CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

CVSS: 5.9, EPSS: 0.00725
Exploits: 0, References: 4
NVD
added 2026/01/13 2:16 p.m., 8 views

CVE-2026-0684

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS: 4.3, EPSS: 0.00261
Exploits: 0, References: 3
UbuntuCve
added 2026/01/13 2:16 p.m., 2 views

CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00313
Exploits: 0, References: 4
OSV
added 2026/01/13 2:16 p.m., 3 views

UBUNTU-CVE-2026-0888

Information disclosure in the XML component. This vulnerability affects Firefox 147 and Thunderbird 147...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00313
Exploits: 0, References: 5
Cvelist
added 2026/01/13 1:30 p.m., 19 views

CVE-2026-0888 Information disclosure in the XML component

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

EPSS: 0.00313
Exploits: 0, References: 3
Debian CVE
added 2026/01/13 1:30 p.m., 4 views

CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00313
Exploits: 0
CNNVD
added 2026/01/13 12:00 a.m., 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox prior to version 147, which stems from an information leak in an XML component...

CVSS: 5.3, AI score: 6, EPSS: 0.00313
Exploits: 0, References: 3
Positive Technologies
added 2026/01/13 12:00 a.m., 4 views

PT-2026-2636

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis admin init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS: 4.3, AI score: 6, EPSS: 0.00261
Exploits: 0, References: 6
CVE
added 2026/01/11 1:05 p.m., 409 views

CVE-2025-68493

CVE-2025-68493 describes a Missing XML Validation vulnerability in Apache Struts (affecting 2.0.0–2.2.1, 2.2.1–6.1.0; fixed in 6.1.1). A connected exploit resource provides a PoC targeting the XXE weakness in XWork, including a read-file payload (e.g., /etc/passwd) via the vulnerable XML parsing ...

CVSS: 8.1, AI score: 6.6, EPSS: 0.22475
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2026/01/11 12:00 a.m., 6 views

Apache Struts security vulnerability

Apache Struts is an open source project of the Apache Foundation in the U.S. It is an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2. Apache Struts version 2.0.0 to version 2.3.37 ...

CVSS: 8.1, AI score: 7, EPSS: 0.22475
Exploits: 1, References: 3
RedhatCVE
added 2026/01/09 12:41 p.m., 4 views

CVE-2023-25955

National land numerical information data conversion tool, all versions, improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...

CVSS: 5.5, AI score: 4.8, EPSS: 0.00226
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:16 a.m., 22 views

CVE-2025-40584

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 All versions, SIMOTION SCOUT TIA V5.5 All versions, SIMOTION SCOUT TIA V5.6 All versions V5.6 SP1 HF7, SIMOTION SCOUT TIA V5.7 All versions V5.7 SP1 HF1, SIMOTION SCOUT V5.4 All versions, SIMOTION SCOUT V5.5 All versions, SIMOTION SCO...

CVSS: 6.8, AI score: 7, EPSS: 0.0016
Exploits: 0, References: 1
NCSC
added 2026/01/08 12:28 p.m., 11 views

Vulnerabilities fixed in Hanwha camera systems

Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...

CVSS: 9.3, AI score: 7.1, EPSS: 0.00369
Exploits: 0, References: 1
RedHat Linux
added 2026/01/07 6:34 p.m., 10 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.

Red Hat Developer Hub 1.7.4 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS: 8.7, AI score: 6.8, EPSS: 0.03026
Exploits: 4, References: 14
Rockylinux
added 2026/01/07 9:02 a.m., 3 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming languag...

CVSS: 6.3, AI score: 8.1, EPSS: 0.00696
Exploits: 0
CNNVD
added 2026/01/07 12:00 a.m., 3 views

iccDEV security vulnerability

iccDEV is an open source color configuration code base from the International Color Consortium (ICC). A security vulnerability exists in versions prior to iccDEV 2.3.1.2, which stems from a stack overflow in the XML Calculator macro extension...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00181
Exploits: 1, References: 5
CNNVD
added 2026/01/07 12:00 a.m., 5 views

iccDEV security vulnerability

iccDEV is an open source color configuration codebase from the International Color Consortium (ICC). A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from a null pointer dereference in the XML parser...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00155
Exploits: 1, References: 6
CNNVD
added 2026/01/07 12:00 a.m., 4 views

Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector code issue vulnerability

Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector are both products of Cisco, Inc. Cisco Identity Services Engine (ISE) is an environment-aware platform. The platform oversees the network by...

CVSS: 4.9, AI score: 7, EPSS: 0.05638
Exploits: 0, References: 1
OSV
added 2026/01/06 5:15 p.m., 1 views

CVE-2025-36589

Dell Unisphere for PowerMax, versions 9.2.4.x, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended...

CVSS: 7.1, AI score: 5.8
Exploits: 0, References: 1
CVE
added 2026/01/06 2:11 p.m., 12 views

CVE-2026-21493

CVE-2026-21493 (iccDEV) affects the iccDEV library/tools used for ICC color management profiles. The vulnerability is a Type Confusion in the CIccSingleSampledeCurveXml class during XML Curve Serialization. Affected versions are 2.3.1.1 and earlier; the issue is fixed in version 2.3.1.2. The Red ...

CVSS: 6.6, AI score: 6.4, EPSS: 0.00153
Exploits: 1, References: 3, Affected Software: 1