Lucene search

8 matches found

EUVD
added 2026/04/30 3:25 p.m. | 1 views

EUVD-2025-209595

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3....

CVSS 8.8 | AI score 5.2 | EPSS 0.00036
Exploits: 0 | References: 1
CVE
added 2026/04/30 3:25 p.m. | 5 views

CVE-2025-14543

CVE-2025-14543 affects Connext Professional (Core Libraries) with an XML External Entity Reference (XXE) vulnerability that enables Serialized Data External Linking. The issue is described as an improper restriction of external entities. Affected versions include: from 7.4.0 up to but not includi...

CVSS 9.1 | AI score 5.2 | EPSS 0.00036
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/04/01 3:31 a.m. | 1 views

EUVD-2026-17765

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...

CVSS 8.8 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 2
Positive Technologies
added 2025/08/12 12:0 a.m. | 2 views

PT-2025-32689 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: svg-sanitizer versions prior to 0.22.0. Description: svg-sanitizer is a PHP SVG/XML sanitizer. The sanitization logic in the cleanXlinkHrefs function only searches for lower-case attribute names, bypassing the isHrefSafeValue check. This...

CVSS 5.1 | AI score 6.6 | EPSS 0.00079
Exploits: 0 | References: 10
CNVD
added 2025/08/01 12:0 a.m. | 1 views

GLPI Permission License and Access Control Issues Vulnerability

GLPI is an open source IT asset and service management software suite that provides ITIL service desk functionality, license tracking and software auditing capabilities. A security vulnerability exists in GLPI versions 0.65 through 10.0.18, which originates from a technician being able to utilize...

CVSS 2.7 | AI score 6.7 | EPSS 0.002
Exploits: 0 | References: 1
CNNVD
added 2025/07/30 12:0 a.m. | 1 views

GLPI Security Vulnerability

GLPI is an open source IT asset and service management software suite that provides ITIL service desk functionality, license tracking and software auditing capabilities. A security vulnerability exists in GLPI versions 0.65 through 10.0.18, which originates from a technician being able to utilize...

CVSS 2.7 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 2
CNNVD
added 2023/09/05 12:0 a.m. | 3 views

Cacti SQL Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from an SQL injection vulnerability that stems from regular...

CVSS 6.3 | AI score 7.8 | EPSS 0.00194
Exploits: 1 | References: 9
CNVD
added 2017/04/24 12:0 a.m. | 2 views

SQL injection vulnerability in the save.php file of TreeHole's external link system

TreeHole Outbound Linking System is a free and open source outbound linking system. The save.php file of the TreeHole external link system has an SQL injection vulnerability that stems from a failure to adequately filter x-forwarded-for; an attacker can exploit the vulnerability to access or modify...

AI score 8.1
Exploits: 0