14 matches found
CVE-2026-41675
CVE-2026-41675 affects the xmldom/xmldom package. The vulnerability stems from attacker-controlled processing instruction data being serialized without validating or neutralizing the PI-closing sequence ?>, allowing injection of arbitrary XML nodes into the serialized output. Affected versions...
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...
XMLDOM security vulnerability
XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper validation or neutralization of the PI end sequence when...
Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection
The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks (GNNs). However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...
EUVD-2026-1184
Preact, a lightweight web development framework, includes JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...
GRAPHTEXTACK: A Realistic Black-Box Node Injection Attack on LLM-Enhanced GNNs
Text-attributed graphs (TAGs), which combine structural and textual node information, are ubiquitous across many domains. Recent work integrates Large Language Models (LLMs) with Graph Neural Networks (GNNs) to jointly model semantics and structure, resulting in more general and expressive models that...
PT-2024-22896 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill versions 2. Description: An unauthorized node injection issue allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. Recommendations: For ROS2 Humble Hawksbill version 2, consider...
CVE-2024-30723
CVE-2024-30723 is rejected/not used; this candidate was withdrawn by its CNA and has no vulnerability entry.
PT-2024-23570 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions where ROS VERSION is 2 and ROS PYTHON VERSION is 3. Description: An unauthorized node injection issue allows remote attackers to escalate privileges. Recommendations: For ROS2 Galactic Geochelone versions wher...
PT-2024-23558 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions 2. Description: The issue allows a malicious user to escalate privileges by injecting malicious ROS2 nodes into the system remotely. Recommendations: For ROS2 Iron Irwini version 2, at the moment, there is no...
PT-2024-23598 · Unknown · Ros Kinetic Kame
Name of the Vulnerable Software and Affected Versions: ROS Kinetic Kame, affected versions not specified. Description: The issue is related to an unauthorized node injection vulnerability. The estimated number of potentially affected devices and details about real-world incidents are not provided...
PT-2023-24391 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Foxy Fitzroy versions where ROS VERSION is 2 and ROS PYTHON VERSION is 3. Description: An unauthorized node injection issue has been identified, which could allow a malicious user to inject malicious ROS2 nodes into the system remotely...
CVE-2023-33566
CVE-2023-33566 is rejected; this entry does not represent an active vulnerability.