Lucene search

34 matches found

CNNVD
added 2026/03/03 12:00 a.m. · 2 views

DOMPurify security vulnerability

DOMPurify is a JavaScript-based tool developed by Cure53’s individual developer, designed for use with HTML, MathML, and SVG documents. Versions 3.1.3 to 3.3.1 and 2.5.3 to 2.5.8 of DOMPurify contain security vulnerabilities. These vulnerabilities stem from the lack of handling for five specific...

CVSS 6.1 · AI score 7.1 · EPSS 0.00284
Exploits: 0 · References: 7
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-2772

Malware in sbrugna...

CVSS 7.8 · AI score 6.1 · EPSS 0.03141
Exploits: 1 · References: 10
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2014-2770

Malware in sbrugna...

CVSS 7.8 · AI score 6.4 · EPSS 0.01942
Exploits: 1 · References: 6
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-2771

Malware in sbrugna...

CVSS 7.8 · AI score 6.1 · EPSS 0.03313
Exploits: 2 · References: 10
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2014-2773

Malware in sbrugna...

CVSS 7.8 · AI score 6.4 · EPSS 0.02994
Exploits: 0 · References: 8
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-2659

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 6.6 · EPSS 0.02006
Exploits: 1 · References: 5
EUVD
added 2025/10/03 8:07 p.m. · 9 views

EUVD-2022-4285

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 6.3 · EPSS 0.03774
Exploits: 0 · References: 9
Vulnrichment
added 2025/07/14 1:35 p.m. · 2 views

CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...

CVSS 6.7 · AI score 7.9 · EPSS 0.00184
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 4:27 a.m. · 5 views

CVE-2014-2829

Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack...

CVSS 7.8 · AI score 6.9 · EPSS 0.02006
Exploits: 1 · References: 1
Positive Technologies
added 2025/04/17 12:00 a.m. · 4 views

PT-2025-16925 · Visicut · Visicut

Name of the Vulnerable Software and Affected Versions: VisiCut version 2.1 Description: The issue is related to insecure deserialization, where VisiCut 2.1 allows stack consumption via an XML document with nested set elements. This can be demonstrated by a java.util.HashMap StackOverflowError whe...

CVSS 3.3 · AI score 6.1 · EPSS 0.00333
Exploits: 1 · References: 7
BDU FSTEC
added 2025/01/27 12:00 a.m. · 4 views

The vulnerability of the IBM Voice Gateway, an integration tool for voice and multimedia services, arises from the lack of measures taken to neutralize special elements used in XML. This vulnerability allows attackers to enhance their privileges.

The vulnerability of the IBM Voice Gateway, an integration tool for voice and multimedia services, is related to the lack of measures taken to neutralize special elements used in XML. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

CVSS 8.5 · AI score 5.4 · EPSS 0.00573
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2023/11/08 11:15 p.m. · 23 views

CVE-2023-43755

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network request...

CVSS 9.8 · EPSS 0.0126
Exploits: 0 · References: 1
NVD
added 2023/11/08 11:15 p.m. · 17 views

CVE-2023-3959

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently...

CVSS 9.8 · EPSS 0.40396
Exploits: 0 · References: 1
Prion
added 2023/11/08 11:15 p.m. · 20 views

Stack overflow

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not...

CVSS 7.5 · AI score 8.3 · EPSS 0.0126
Exploits: 0 · References: 1 · Affected Software: 11
Cvelist
added 2023/11/08 11:02 p.m. · 19 views

CVE-2023-3959 Zavio IP Camera Stack-Based Buffer Overflow

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently...

CVSS 9.8 · AI score 10 · EPSS 0.40396
Exploits: 0 · References: 1
Cvelist
added 2023/11/08 10:57 p.m. · 24 views

CVE-2023-43755 Zavio IP Camera Stack-Based Buffer Overflow

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network request...

CVSS 9.8 · AI score 10 · EPSS 0.0126
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 5:43 a.m. · 3 views

SUSE CVE-2012-5614

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

CVSS 4 · AI score 6 · EPSS 0.13175
Exploits: 2 · References: 3
Tenable Nessus
added 2020/03/11 12:00 a.m. · 32 views

SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2020:0629-1)

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the numbe...

CVSS 6.5 · AI score 6.9 · EPSS 0.02125
Exploits: 0 · References: 4
FreeBSD
added 2020/02/26 12:00 a.m. · 38 views

librsvg2 -- multiple vulnerabilities

Librsvg2 developers report: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...

CVSS 6.5 · AI score 6.9 · EPSS 0.02125
Exploits: 0 · References: 1
OSV
added 2019/10/02 3:15 p.m. · 1 view

CVE-2019-4539

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812...

CVSS 7.1 · AI score 7.1 · EPSS 0.0123
Exploits: 0 · References: 2