MINI-3HV6-W79W-XPCW
Bulletin has no description...
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...
XML Injection
Overview: org.webjars.npm:xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection in the serialization of DocumentType nodes when attacker-controlled values are provided to the...
XML Injection
Overview: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection in the serialization of DocumentType nodes when attacker-controlled values are provided to the publicId, systemId, ...
CVE-2026-40077
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...
CVE-2026-40077
Summary: CVE-2026-40077 describes an IDOR in Beszel’s hub API endpoints that read a system ID from URL parameters. Prior to version 0.18.7, an authenticated user could access routes for any system if they knew the system ID, with system IDs being 15-character alphanumeric tokens and container IDs...
PT-2026-31706
Name of the Vulnerable Software and Affected Versions: Beszel versions prior to 0.18.7. Description: Beszel is a server monitoring platform. Some API endpoints in the Beszel hub accept a user-supplied system ID without verifying user access permissions. This allows authenticated users to access rout...
EUVD-2011-4503
Malware in sbrugna...
PT-2025-34422 · Unknown +1 · Alienware Wmi Wmax +1
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue in the platform/x86/alienware-wmi-wmax component. A fix was implemented to address a missing empty member in the awcc dmi table array, specifically...
CVE-2024-1654
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
CVE-2024-1654 Unauthorized write operations in PaperCut NG/MF
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
E-Fun CMS 5.0 XML Injection
Title: E-Fun CMS V5.0 XML external entity injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
SUSE-SU-2022:4635-1 Security update for conmon
This update for conmon fixes the following issues: conmon was updated to version 2.1.5: don't leak syslogidentifier; logging: do not read more than the buf size; logging: fix error handling; Makefile: Fix install for FreeBSD; signal: Track changes to getsignaldescriptor in the FreeBSD version; Packit:...
XML External Entity (XXE)
Apache cayenne-server is vulnerable to XML external entity (XXE) injection. The XML external entity declaration is not disabled in the XML parser of the CayenneModeler, which allows an attacker to access local or remote content via a declared system identifier...
MS:66782DE6-E76A-4182-AF82-470E4DD4F1F4
...
MS:672C7DE4-8447-464D-8FF7-9618043BC259
...