30 matches found
EUVD-2018-0664
Malware in sbrugna...
EUVD-2024-2166
Malicious code in bioql PyPI...
EUVD-2022-1635
Malicious code in bioql PyPI...
CVE-2022-1091
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending...
CVE-2020-5227
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of...
CVE-2024-47113
CVE-2024-47113 affects IBM ICP - Voice Gateway versions 1.0.2–1.0.8. The issue is an XML injection/XML handling flaw that allows a remote attacker to send specially crafted XML statements and view or modify information within the XML document. IBM’s bulletin and Red Hat/IBM advisories indicate th...
GHSA-CC4W-3CFF-J8FW Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j24h-xcpc-9jw8. This link is maintained to preserve external references. Original Description: In Eclipse IDE versions 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE...
PT-2023-26687 · Unknown · Client Dicom Rtst Loading Modules +1
Name of the Vulnerable Software and Affected Versions: MIM Assistant and Client DICOM RTst Loading modules (affected versions not specified). Description: The issue concerns an Improper Restriction of XML External Entity Reference, which allows XML Entity Linking or XML External Entity attacks...
CVE-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
GHSA-5H7W-HMXC-99G5 Cross site scripting in safe-svg
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending...
Cross site scripting in safe-svg
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending...
CVE-2022-1091
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending...
CVE-2022-1091
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending...
CVE-2022-1091
The CVE-2022-1091 issue affects the Safe SVG WordPress plugin prior to version 1.9.10. The sanitisation step can be bypassed by spoofing the content-type in a POST request to upload an SVG file, allowing an attacker to perform XSS (and potentially other XML-related attacks depending on the SVG us...
WordPress plugin sanitisation step of the Safe SVG cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Safe SVG < 1.9.10 - SVG Sanitisation Bypass
The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending on further use of uploaded SVG...
GHSA-R2MJ-8WGQ-73M6 XML External Entity Reference in Glances
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
XML External Entity Reference in Glances
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
CVE-2021-23418
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
CVE-2021-23418
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...