CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability stems from the possibility of consuming excessive CPU resources when parsing...

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. CVE-2026-33905: Denial of service via out-of-bounds read in -sample...

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVE-2026-33899

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-1...

Pachno 安全漏洞

Pachno is an open-source collaboration platform developed by Pachno. Version 1.0.6 of Pachno contains a security vulnerability, which stems from insecure XML parsing. This vulnerability could allow unverified attackers to read arbitrary files...

CVE-2026-27942

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

UBUNTU-CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

OESA-2025-2813 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...

MetInfo CMS 安全漏洞

MetInfo CMS is a content management system from China Mito MetInfo. A security vulnerability exists in MetInfo CMS 8.1 and prior versions, which stems from a flaw in the XML parsing logic and could lead to a server-side request forgery attack...

EUVD-2020-21244

Malware in sbrugna...

RockyLinux 9 : podman (RLSA-2025:7391)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7391 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of...

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...

Apache HertzBeat 安全漏洞

Apache HertzBeat is a tool from Apache USA that monitors various components. A security vulnerability exists in Apache HertzBeat versions prior to 1.7.0, which stems from an XML parsing vulnerability that could lead to remote code execution...

SUSE CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

Lenovo Filez 代码问题漏洞

Lenovo Filez is an enterprise web drive by the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo Filez that stems from improper XML parsing, which could lead to arbitrary file reading...

GHSA-W9J7-PHM3-F97J Ucum-java has an XXE vulnerability in XML parsing

Impact XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can...

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

PYSEC-2024-162

A Regular Expression Denial of Service ReDoS vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...