10 matches found
PT-2025-25520
Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: A use-after-free issue was found in libxml2, occurring when parsing XPath elements under certain circumstances, specifically when the XML schematron contains the "sch:name path" sche...
XML External Entity (XXE)
detekt-core is vulnerable to XML external entity attacks. The vulnerability exists in the read function in BaselineFormat.kt due to improper validation, which allows an attacker to submit a malicious XML document...
XML External Entity (XXE)
xmlgraphics-commons is vulnerable to XML external entity attacks. External DTDs are not disabled by default, which allows an attacker to submit requests on behalf of the server via a malicious XML document...
XML External Entity (XXE)
everrest-core is vulnerable to XML external entity (XXE) attacks. External DTDs are not disabled by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server or read system files...
XML External Entity (XXE)
maven-bundle-plugin is vulnerable to XML external entity (XXE) attacks. External DTDs are not disabled by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server or read system files...
Cross-Site Scripting (XSS)
erubis is vulnerable to cross-site scripting (XSS). The single quote character ' is not validated, which allows a remote attacker to inject and execute arbitrary JavaScript in a user's browser via a template source and a malicious XML document...
XML External Entity (XXE)
odata-server-core is vulnerable to XML external entity (XXE) attacks. Support for external entities is not disabled, which allows remote attackers to inject a malicious XML document to retrieve confidential system files or perform requests on behalf of the server...
XML External Entities (XXE)
expat is vulnerable to denial of service. Entity expansions are not properly handled unless the XML_SetEntityDeclHandler function is used. This allows remote attackers to crash the process, send HTTP requests on behalf of the server or read arbitrary files via a malicious XML document...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. An attacker is able to crash the application via a malicious XML document containing malformed XPath expressions...
Denial Of Service (DoS)
comet is vulnerable to denial of service (DoS) attacks. It is possible for an attacker to create a malicious XML document to parse, causing resource exhaustion when expanding XML entity...