Jinher OA Code Issue Vulnerability
Jinher OA is a collaborative management software from Jinher, a Chinese company. A code issue vulnerability exists in Jinher OA 1.2 and prior versions, which arises from the presence of XML external entity references in the XML Handler component...
jaeles
This is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner. The framework is called Jaeles and is designed to be highly customizable. It has a modular architecture, allowing users to easily add or remove plugins to suit their needs. T...
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
...
SUSE CVE-2025-9375
XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator,...
CVE-2025-25734
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...
CVE-2025-57704
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability...
PT-2025-34746
Name of the Vulnerable Software and Affected Versions: Delta Electronics EIP Builder version 1.11 Description: Delta Electronics EIP Builder version 1.11 is susceptible to a file parsing XML External Entity (XXE) processing information disclosure issue. This allows for the potential disclosure of...
CVE-2025-25734
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 contain an unauthenticated EFI shell that can be leveraged to execute arbitrary code or escalate privileges during boot. Root cause is an EFI shell exposure in the RSU firmware; aff...
CVE-2025-6188
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication...
CVE-2025-6188
CVE-2025-6188 affects Arista EOS: specially crafted UDP packets with source port 3503 may be accepted, potentially causing unexpected behavior in UDP services without authentication. Affected EOS releases include 4.30.x, 4.31.x, 4.32.x, 4.33.x, and 4.34.x train lines (exact sub-releases listed in...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...
Linux Distros Unpatched Vulnerability : CVE-2016-4570
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted...
CVE-2022-45133
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload...
CVE-2025-47184
An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagrid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message...
CVE-2022-45134
Mahara 21.10 < 21.10.6, 22.04 < 22.04.4, and 22.10
Linux Distros Unpatched Vulnerability : CVE-2017-14687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to Data from Faultin...
ROS-20250821-02
A vulnerability in the BinaryStreamDriver component of the Java library for converting objects to XML or JSON XStream format is related to a buffer overflow on the stack from a manipulated binary input stream. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...
Linux Distros Unpatched Vulnerability : CVE-2019-5427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion wh...