CVE-2026-5971

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

GHSA-3GHP-8R47-4GJ4 FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

CVE-2026-5971 FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml fill of the file metagpt/actions/action node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

MetaGPT 安全漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by operations on the ActionNode.xmlfill function in the XML Handler component, which could lead to improper instructions in...

EUVD-2015-1093

Malware in sbrugna...

EUVD-2018-0486

Malware in sbrugna...

EUVD-2021-34131

Malicious code in bioql PyPI...

EUVD-2021-34141

Malicious code in bioql PyPI...

CVE-2025-10816

A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated...

CVE-2025-10816 Jinher OA XML text xml external entity reference

A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated...

CVE-2025-10092

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit h...

CVE-2025-10092 Jinher OA XML Type xml external entity reference

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit h...

CVE-2025-10092 Jinher OA XML Type xml external entity reference

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit h...

CVE-2025-10091

CVE-2025-10091 affects Jinher OA up to version 1.2. The vulnerability is located in the XML Handler component, specifically the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add, where manipulation enables an XML External Entity (XXE) reference. Remote exploitation is possibl...

PT-2025-36455

Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2 Description: A vulnerability exists in Jinher OA that allows for xml external entity reference. The issue affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add...

ROS-20240806-02

A vulnerability in the XML Handler component of the cross-platform messenger for the Jabber Gajim protocol is related to the the creation of XML strophs, allowing messages that were not sent by other users. Exploitation of the vulnerability could allow an attacker acting remotely to have an Impac...

Amazon Linux 2 : libplist (ALAS-2023-2067)

The version of libplist installed on the remote host is prior to 1.12-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2067 advisory. A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plistfromxml of the fil...

SUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2023:0872-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0872-1 advisory. - A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function...