RHEL 9 : libxml2 (RHSA-2025:13428)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13428 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-Bounds...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1722)
The remote host is missing an update for the Huawei EulerOS...
XML External Entity (XXE) Injection
Overview: langchain-text-splitters is a package of LangChain text splitting utilities. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to insecure XML parser configurations and the presence of the xslt_path parameter in the HTMLSectionSplitter class. Details: XXE...
Dell SmartFabric OS10 Software Code Issue Vulnerability
Dell SmartFabric OS10 Software is network operating system software developed by Dell to simplify the management and automation of data center network architectures. A security vulnerability exists in Dell SmartFabric OS10 Software versions prior to 10.6.0.5 that stems from improper handling of X...
The vulnerability of the SmartFabric OS10 network operating system, related to incorrect restrictions on XML links to external objects, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SmartFabric OS10 network operating system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
libxml: Type confusion leads to Denial of service (DoS)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
firefox: thunderbird: XSLT documents could bypass CSP
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...
CVE-2025-52449
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...
Insufficiently Protected Credentials
Overview: org.opencastproject:opencast-kernel is a free and open source solution for automated video capture and distribution at scale. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the process of fetching MediaPackage elements included in a...
SAMSUNG MagicINFO 9 Server XML External Entity References Improperly Restricted Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung (South Korea). SAMSUNG MagicINFO 9 Server suffers from an improperly restricted XML external entity reference vulnerability that can be exploited by attackers to obtain...
Adobe ColdFusion XML Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe (United States). The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an XML injection vulnerability that can be exploited by attackers to access...
XML External Entity (XXE) Injection
Overview: org.dspace:dspace-api provides the DSpace core data model and service APIs. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process during archive imports or when handling XML responses from upstream services. An attacker can access...
ImageMagick Security Vulnerability
ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.1.2-0 that stems from an infinite loop in a specific XMP file conversion command...
The vulnerability of the ColdFusion software platform lies in the improper limitation on XML references to external objects, which allows attackers to circumvent security restrictions.
The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
The vulnerability of the ColdFusion software platform, related to errors in XML request processing, allows attackers to read arbitrary files.
The vulnerability of the ColdFusion software platform is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
DEBIAN-CVE-2025-38315
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable. Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...