Photon OS 5.0: Netkit PHSA-2025-5.0-0666

An update of the netkit package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0666. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

CVE-2025-41041 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/default.x...

SUSE CVE-2022-40150

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

UBUNTU-CVE-2022-40150

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

chromium-browser: Heap buffer overflow in Blink

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

Microsoft .NET Framework Information Disclosure Vulnerability (CNVD-2016-12419)

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

jenkins: Remote code execution through remote API (SECURITY-247)

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...

The vulnerability of the Microsoft Visio graphical editor, allowing a hacker to execute arbitrary code

The vulnerability of Microsoft Visio’s graphical editor is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted UML data within an Office document...