XML Injection
Overview: Affected versions of this package are vulnerable to XML Injection in the KML and GPX export functionality. An attacker can corrupt the file structure and spoof exported location data by creating a device with a crafted name that injects XML content into the exported files. Remediation...
CVE-2026-27693
CVE-2026-27693 affects Traccar (org.traccar:traccar) versions 6.11.1–
CVE-2026-27693 traccar allows XML injection in KML and GPX exports
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
EUVD-2026-27307
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
CVE-2026-27693
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
NordicTrackExploit
QZCompanionNordictrackTreadmill Companion App of QZ for Nordic...
GHSA-JQMR-2PG9-VFX7 Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280 Apache SIS: XML External Entity (XXE) vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
EUVD-2012-5922
Malware in sbrugna...
EUVD-2025-5603
Malicious code in bioql PyPI...
EUVD-2023-48593
Malicious code in bioql PyPI...
EUVD-2025-11633
Malicious code in bioql PyPI...
EUVD-2024-49673
Malicious code in bioql PyPI...
CVE-2024-9028
The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-44234
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through 1.7.08...
CVE-2012-6048
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service crash via a long string in a gpx file...
CVE-2025-27313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bernd Altmeier Google Maps GPX Viewer google-maps-gpx-viewer allows Reflected XSS. This issue affects Google Maps GPX Viewer: from n/a through = 3.6...