5 matches found
CVE-2026-53723 guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy-to-use model structures. Versions prior to 1.5.4 do not safely serialize scalar XML element values containing...
Arcade MCP Server Framework Trust Management Issue Vulnerability
Arcade MCP Server Framework is an open source MCP server framework from Arcade.dev. A trust management issue vulnerability exists in Arcade MCP Server Framework versions prior to 1.5.4, which stems from hard-coding the default working key, which could lead to bypassing the authentication layer...
SUSE CVE-2023-43770
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...
PT-2018-14726 · Go · Gitea
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.5.4 Description: The issue allows remote code execution due to improper validation of session IDs, specifically related to session ID handling in the go-macaron/session code for Macaron. Recommendations: For versions...
Google Go Denial of Service Vulnerability
Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A denial of service vulnerability exists in the Verify function in the crypto/dsa/dsa.go file in Google Go versions prior to 1.5.4 and 1.6.x versions prior to 1.6.1, which stems from a...