9 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-18416

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00834
Exploits 0 | References 4
SUSE CVE
added 2025/06/14 2:54 a.m. | 0 views

SUSE CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

CVSS 8.2 | AI score 6.9 | EPSS 0.01777
Exploits 0 | References 13
RedHat Linux
added 2024/10/14 3:53 p.m. | 6 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 | AI score 5.7 | EPSS 0.00089
Exploits 0 | References 6
OSV
added 2021/08/03 4:57 p.m. | 1 views

GHSA-5FG8-2547-MR8Q Misinterpretation of malicious XML input

Impact: xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to one of the fixed versions of @xmldom/xmld...

CVSS 6.5 | AI score 6.8 | EPSS 0.01146
Exploits 0 | References 7
Cvelist
added 2021/07/27 9:45 p.m. | 11 views

CVE-2021-32796 Misinterpretation of malicious XML input in xmldom

xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...

CVSS 6.5 | AI score 6.9 | EPSS 0.01146
Exploits 0 | References 3
Amazon
added 2020/12/16 8:31 p.m. | 78 views

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

CVSS 7.8 | AI score 2.4 | EPSS 0.05584
Exploits 2
Veracode
added 2017/05/18 5:56 a.m. | 21 views

Heap-based Buffer Overread

The nokogiri gem contains a libxml2 package which is vulnerable to a heap-based buffer overread vulnerability. The vulnerability in libxml2 is referenced as CVE-2016-1833. Using a flaw in the htmlCurrentChar function, attackers can trigger the vulnerability using malicious XML input...

CVSS 5.5 | AI score 6.8 | EPSS 0.00399
Exploits 1 | References 2 | Affected Software 2
Veracode
added 2017/05/18 3:11 a.m. | 25 views

Heap-Based Buffer Overflow In Libxml2

nokogiri gem is using libxml2 which is vulnerable to CVE-2016-1834. The vulnerability exists when xmlStrlen returns a negative length in the xmlStrncat function. Therefore, it may lead to other attacks such as denial of service or arbitrary code execution through a heap-based buffer overflow usin...

AI score 9 | EPSS 0.02308
Exploits 1
OpenVAS
added 2009/03/23 12:0 a.m. | 30 views

Ubuntu Update for libxslt vulnerabilities USN-633-1

Ubuntu Update for Linux kernel vulnerabilities USN-633-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6331.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libxslt vulnerabilities USN-633-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVSS 7.5 | AI score 0.6 | EPSS 0.22141
Exploits 4 | References 2