MAL-2026-5762 Malicious code in npm-sandbox-research-e9f0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...

EUVD-2026-21047

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter...

Beszel 安全漏洞

Beszel is a lightweight server monitoring center developed by Hank’s individual developers. Versions of Beszel prior to 0.18.7 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of users’ access rights to system IDs through certain API endpoints,...

MiracleLinux 4 : openssl-1.0.0-20.AXS4.1 (AXSA:2012-76:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-76:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

CVE-2025-52625

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...

CVE-2025-52625 HCL AION is susceptible to Cacheable SSL Page Found vulnerability

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...

CVE-2025-52625 HCL AION is susceptible to Cacheable SSL Page Found vulnerability

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...

CVE-2025-52625

CVE-2025-52625 affects HCL AION 2.0. A vulnerability described as a Cacheable SSL Page Found issue could allow attackers with access to the device or browser to view cached data, exposing credentials, system identifiers, or internal file paths. Root cause specifics, affected components beyond the...

PT-2025-41545

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description A security issue has been identified in HCL AION where cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser. Recommendations At the...

EUVD-2021-0663

Malware in sbrugna...

CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

SUSE CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service assertion failure via an X.509 certificate containing certificate-extension data associated with 1 IP address blocks or 2 Autonomous System AS identifiers...

Misinterpretation of malicious XML input

Overview Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Workarounds...

GHSA-H6Q6-9HQW-RWFV Misinterpretation of malicious XML input

Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...

Misinterpretation of malicious XML input

Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...

DEBIAN-CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

Input validation

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

UBUNTU-CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVE-2021-21366

CVE-2021-21366 - xmldom : The vulnerability arises from xmldom’s handling of XML when repeatedly parsing and serializing malicious documents, due to improper preservation of system identifiers, FPIs, and namespaces. This can cause unexpected syntactic changes in downstream applications. The issue...

PT-2021-14448 · Xmldom +2 · Xmldom +2

Name of the Vulnerable Software and Affected Versions: xmldom versions 0.4.0 and older Description: The issue arises when xmldom versions 0.4.0 and older fail to correctly preserve system identifiers, FPIs, or namespaces when repeatedly parsing and serializing maliciously crafted documents. This...