EUVD-2022-2933

Malicious code in bioql PyPI...

XML External Entity (XXE)

org.neo4j.procedure:apoc-core is vulnerable to XML External Entity XXE attacks. A remote authenticated attacker is able to trigger an XML external entity injection via the parseXML function which allows external entities to be resolved due to an improper configuration of the apoc.import.graphml...

GHSA-773H-W45W-F2F9 Denial of service vulnerability exists in libxmljs

libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a...

Code injection

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...

XML External Entity (XXE) Injection

easy-xml is vulnerable to XML external entity injection. When processing XML data, the parseXML function in init .py allows an attacker to access sensitive data or crash the application...

CVE-2020-26705

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity XXE vulnerability which allows for an attacker to expose sensitive data or perform a denial of service DOS via a crafted external entity entered into the XML content as input...

CVE-2020-26705

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity XXE vulnerability which allows for an attacker to expose sensitive data or perform a denial of service DOS via a crafted external entity entered into the XML content as input...