EUVD-2023-45723

Malicious code in bioql PyPI...

CVE-2023-41203

D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41204

D-Link DAP-1325 SetAPLanSettings SecondaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

Trend Micro IMSVA External Entity Injection (CVE-2020-27017)

An XXE vulnerability exists in Trend Micro InterScan Messaging Virtual Appliance. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction...

Oracle Weblogic Server Remote Code Execution (CVE-2019-2888)

An External Entity Injection vulnerability exists in Oracle Weblogic. This vulnerability is due to insufficient validation of XML data. A remote attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation of this vulnerability could result...

Command injection

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...