157 matches found
Nmap security vulnerability
Nmap is an open-source tool for network discovery and security scanning developed by Nmap. Version 7.70 of Nmap contains a security vulnerability. This vulnerability arises from handling malicious XML files containing exponentially growing entity extensions, which can lead to a denial-of-service...
OESA-2026-1917 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service (DoS), making the affected system unresponsive...
CVE-2026-39367
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...
CVE-2026-39367
WWBN AVideo (versions 26.0 and earlier) has a stored XSS vector in the EPG page. The EPG feature parses XML from user-controlled URLs and renders elements directly into HTML without sanitization, allowing a user with upload permission to point epg_link to a malicious XML to trigger JavaScript ex...
PT-2026-30986
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epg li...
CVE-2018-25142
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...
Malicious Package
Overview: fruit-malicious-xml-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in fruit-malicious-xml-parser (npm)
Source: amazon-inspector c330d59c7529d320701e6ccf11a655110e1aeb7c9ad5d15c34ba10941c6343a6 The package fruit-malicious-xml-parser was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192550 Malicious code in fruit-malicious-xml-parser (npm)
Source: amazon-inspector c330d59c7529d320701e6ccf11a655110e1aeb7c9ad5d15c34ba10941c6343a6 The package fruit-malicious-xml-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202949
Malicious code in fruit-malicious-xml-parser (npm)...
EUVD-2020-16329
Malware in sbrugna...
EUVD-2020-3936
Malware in sbrugna...
EUVD-2019-18384
Malware in sbrugna...
EUVD-2024-0162
Malicious code in bioql (PyPI)...
EUVD-2025-21742
Malicious code in bioql (PyPI)...
EUVD-2022-35826
Malicious code in bioql (PyPI)...
EUVD-2021-30851
Malicious code in bioql (PyPI)...
EUVD-2025-17677
Malicious code in bioql (PyPI)...
EUVD-2025-18416
Malicious code in bioql (PyPI)...