CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

drchrono: XML Parser Bug: XXE over which leads to RCE

Hello security team, I have reported this issue on Feb 6, 2015 and i'm resubmit it here again. I was able to do XXE attack on your site and exposed the /etc/passwd file. Scenario: 1. Login to drchrono site. 2. Click on patients-patient 3. Click on ' Update patient via C-CDA XML.' 4. Select the fi...