14 matches found
USN-8328-1: OpenJDK 21 vulnerabilities
Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. (CVE-2026-22016) It was discovered that the Networking component of...
DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but they also include cryptographic algorithm choices...
Linux Distros Unpatched Vulnerability : CVE-2025-12748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user-provided XML files was performed before the ACL checks. A...
The vulnerability of the library for processing XML and HTML markup, Lxml, is related to the use of the NULL pointer. This allows a malicious actor to cause a service failure.
The vulnerability of the Lxml library for processing XML and HTML markup is related to errors in pointer manipulation involving NULL pointers. Exploiting this vulnerability could allow an attacker to cause service failures...
[SECURITY] Fedora 38 Update: gitit-0.15.1.1-3.fc38
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
[SECURITY] Fedora 39 Update: gitit-0.15.1.1-6.fc39
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
The vulnerability of the HTMLparser function in the TYPO3 content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the HTMLparser function in the TYPO3 content management system exists because measures are not taken to protect the structure of web pages when processing HTML tags and attributes. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
[SECURITY] Fedora 31 Update: gitit-0.12.3.2-4.fc31
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
[SECURITY] Fedora 32 Update: gitit-0.12.3.2-6.fc32
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
PT-2020-18079 · IBM · IBM Maximo Asset Management
Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management versions 7.6.0.1 through 7.6.0.2 Description: The issue allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack when processing XML...
Critical: Red Hat Security Advisory: .NET Core security update
An update for .NET Core is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PT-2019-5892 · ReportLab +4 · ReportLab +4
Name of the Vulnerable Software and Affected Versions: ReportLab versions prior to 3.5.27 Description: The issue is related to the toColor(eval(arg)) function in the ReportLab library, which is connected to an error in processing XML documents. This can be exploited by a remote attacker to gain acces...
A vulnerability in the library for processing and transforming HTML/XML code fragments, called Ruby Loofah, arises due to improper handling of input during web page generation. This vulnerability allows attackers to inject arbitrary JavaScript code.
The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to insufficient cleaning of SVG elements in JavaScript. Exploiting this vulnerability allows a remote attacker to inject arbitrary JavaScript code...