Lucene search

2080 matches found

BDU FSTEC
added 2025/07/09 12:0 a.m., 5 views

A vulnerability in the “Import from XML and YML” plugin exists due to a lack of measures protecting web page structure. This allows attackers to carry out XSS attacks.

The vulnerability in the “Import from XML and YML” plugin exists due to a lack of measures protecting the structure of web pages. Exploiting this vulnerability allows a remote attacker to carry out XSS attacks...

5.3 CVSS, 5.4 AI score
Exploits: 0, References: 1, Affected Software: 1
Packet Storm News
added 2025/07/08 12:0 a.m., 6 views

LDP$^3$: an Extensible and Multi-Threaded Toolkit for Local Differential Privacy Protocols and Post-Processing Methods

Local differential privacy (LDP) has become a prominent notion for privacy-preserving data collection. While numerous LDP protocols and post-processing (PP) methods have been developed, selecting an optimal combination under different privacy budgets and datasets remains a challenge. Moreover, the la...

7.2 AI score
Exploits: 0
CNNVD
added 2025/07/02 12:0 a.m., 2 views

ModSecurity Input Validation Error Vulnerability

ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. An input validation error vulnerability exists in ModSecurity versions prior to 2.9.8 through 2.9.11, which stems from an empty XML tag that could lead to a segmentation fault...

6.5 CVSS, 9 AI score, 0.00346 EPSS
Exploits: 0, References: 3
BDU FSTEC
added 2025/07/02 12:0 a.m., 4 views

A vulnerability in the drivers/firmware/EFI/libstub components of the Linux operating system allows an attacker to cause a denial of service.

The vulnerability in the drivers/firmware/EFI/libstub components of the Linux operating system is related to memory allocation without limits. Exploiting this vulnerability can allow an attacker to cause a denial of service...

5.5 CVSS, 6.7 AI score, 0.00225 EPSS
Exploits: 0, References: 10, Affected Software: 4
CNNVD
added 2025/06/30 12:0 a.m., 2 views

Akamai CloudTest Code Issue Vulnerability

Akamai CloudTest is a suite of scalable load testing platforms from Akamai, USA. A code issue vulnerability exists in Akamai CloudTest versions prior to 2025.06.02, which stems from XML external entity injection and may result in file inclusion...

5.8 CVSS, 7 AI score, 0.03395 EPSS
Exploits: 2, References: 3
Fedora
added 2025/06/27 1:59 a.m., 7 views

[SECURITY] Fedora 41 Update: trafficserver-9.2.11-1.fc41

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

7.5 CVSS, 7.4 AI score, 0.00632 EPSS
Exploits: 0
BDU FSTEC
added 2025/06/23 12:0 a.m., 7 views

A vulnerability in the IhisiServiceSmm component of the InsydeH2O UEFI firmware creation framework allows an attacker to escalate their privileges.

The vulnerability in the IhisiServiceSmm component of the InsydeH2O UEFI firmware creation framework is related to an out-of-bounds write in memory. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...

6.1 CVSS, 5.7 AI score, 0.00132 EPSS
Exploits: 0, References: 3, Affected Software: 5
BDU FSTEC
added 2025/06/20 12:0 a.m., 5 views

A vulnerability in the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” allows an attacker to execute arbitrary commands.

The vulnerability in the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS, 5.9 AI score
Exploits: 0, References: 1, Affected Software: 1
BDU FSTEC
added 2025/06/18 12:0 a.m., 5 views

A vulnerability in the Chamilo LMS e-learning and content management system lies in the lack of verification of the validity of XML object sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability in Chamilo LMS, an e-learning and content management system, lies in the lack of verification of the validity of XML object sequences. Exploiting this vulnerability could allow a remote attacker to execute arbitrary SQL queries...

8.5 CVSS, 6 AI score, 0.00733 EPSS
Exploits: 1, References: 6, Affected Software: 1
ATTACKERKB
added 2025/06/16 3:19 p.m., 1 view

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...

7.5 CVSS, 5.8 AI score, 0.00475 EPSS
Exploits: 0, References: 7
Fedora
added 2025/06/14 1:51 a.m., 6 views

[SECURITY] Fedora 41 Update: aerc-0.20.1-2.fc41

Aerc is an email client that runs in your terminal. It is highly efficient and extensible, perfect for the discerning hacker...

5.8 CVSS, 7.3 AI score, 0.00592 EPSS
Exploits: 0
Fedora
added 2025/06/14 1:10 a.m., 7 views

[SECURITY] Fedora 42 Update: aerc-0.20.1-3.fc42

Aerc is an email client that runs in your terminal. It is highly efficient and extensible, perfect for the discerning hacker...

5.8 CVSS, 7.3 AI score, 0.00592 EPSS
Exploits: 0
CNNVD
added 2025/06/10 12:0 a.m., 2 views

Insyde InsydeH2O Security Vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...

7.8 CVSS, 9.2 AI score, 0.00395 EPSS
Exploits: 0, References: 3
BDU FSTEC
added 2025/06/06 12:0 a.m., 4 views

A vulnerability in the online business analytics service IBM Cognos Analytics, related to improper restriction of XML external entity references, allows attackers to disclose protected information or exploit memory resources.

The vulnerability in the online business analytics service IBM Cognos Analytics is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information or access memory resources...

7.5 CVSS, 7.1 AI score, 0.00444 EPSS
Exploits: 0, References: 2
Packet Storm News
added 2025/06/03 12:0 a.m., 4 views

Poster: FedBlockParadox -- a Framework for Simulating and Securing Decentralized Federated Learning

A significant body of research in decentralized federated learning focuses on combining the privacy-preserving properties of federated learning with the resilience and transparency offered by blockchain-based systems. While these approaches are promising, they often lack flexible tools to evaluat...

6.9 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 9:21 a.m., 5 views

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

7.8 CVSS, 7.2 AI score, 0.00188 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:15 a.m., 3 views

CVE-2023-22662

Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access...

5.8 CVSS, 6.2 AI score, 0.00196 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:40 p.m., 4 views

CVE-2022-21205

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access...

7.5 CVSS, 6.3 AI score, 0.01071 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:42 p.m., 3 views

CVE-2021-39300

Potential vulnerabilities have been identified in UEFI firmware BIOS for some PC products which may allow escalation of privilege and arbitrary code execution...

8.8 CVSS, 7.3 AI score, 0.00407 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/21 8:33 p.m., 4 views

CVE-2008-1113

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks...

7.8 CVSS, 7.1 AI score, 0.00887 EPSS
Exploits: 0, References: 1