2721 matches found

Snyk
added 2025/12/12 2:25 a.m., 2 views

Malicious Package

Overview: fruit-malicious-xml-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2

EUVD
added 2025/12/12 2:25 a.m., 2 views

EUVD-2025-202951

Malicious code in bfruitmaliciousxmlparser npm...

6.6 AI score
Exploits 0, References 1

EUVD
added 2025/12/12 2:25 a.m., 6 views

EUVD-2025-202949

Malicious code in fruit-malicious-xml-parser npm...

6.6 AI score
Exploits 0, References 1

Vulnrichment
added 2025/12/09 1:55 a.m., 1 views

CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3 CVSS, 6.7 AI score, 0.00383 EPSS
Exploits 0, References 3

Snyk
added 2025/11/28 4:41 a.m., 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities. Details: XXE Injection is a type of attack against an applicatio...

2.8 CVSS, 7.4 AI score, 0.00104 EPSS
Exploits 0, References 2

OSV
added 2025/11/26 12:00 a.m., 4 views

ALSA-2025:22175 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...

7.5 CVSS, 7.6 AI score, 0.01238 EPSS
Exploits 1, References 4

OSV
added 2025/11/11 12:00 a.m., 3 views

ALSA-2025:21030 Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...

7.5 CVSS, 6.8 AI score, 0.01238 EPSS
Exploits 1, References 4

Cvelist
added 2025/11/05 5:18 p.m., 6 views

CVE-2025-10713 XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

6.5 CVSS, 0.00371 EPSS
Exploits 0, References 1

CVE
added 2025/11/05 5:18 p.m., 29 views

CVE-2025-10713

CVE-2025-10713 is an XML External Entity (XXE) vulnerability affecting multiple WSO2 products due to improper XML parser configuration. The issue allows an attacker to read sensitive server files or cause DoS via unrestrained external entities. Documented impact: remote, unauthenticated access wi...

9.1 CVSS, 6.5 AI score, 0.00371 EPSS
Exploits 0, References 1, Affected Software 8

Positive Technologies
added 2025/11/05 12:00 a.m., 4 views

PT-2025-45144

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An issue exists where the XML parser is improperly configured. The application processes user-provided XML data without adequate restrictions, potentially allowing the resolution of...

6.5 CVSS, 6.5 AI score, 0.00371 EPSS
Exploits 0, References 5

EUVD
added 2025/10/29 3:31 p.m., 3 views

EUVD-2025-36649

Jenkins JDepend Plugin vulnerable to XML external entity attacks...

7.1 CVSS, 6.5 AI score, 0.00292 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/10/29 2:08 p.m., 2 views

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 6.9 AI score, 0.00267 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/10/29 2:08 p.m., 3 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 7 AI score, 0.00267 EPSS
Exploits 1, References 1

Cvelist
added 2025/10/29 1:29 p.m., 6 views

CVE-2025-64134

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...

0.00292 EPSS
Exploits 0, References 1

OSV
added 2025/10/28 2:15 p.m., 2 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 5.8 AI score, 0.00267 EPSS
Exploits 1, References 2

NVD
added 2025/10/28 2:15 p.m., 4 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 0.00267 EPSS
Exploits 1, References 2

CVE
added 2025/10/28 1:45 p.m., 6 views

CVE-2025-53855

The CVE-2025-53855 entry refers to an out-of-bounds write in the XML parser of GCC Productions Inc. Fade In 4.2.0. Talos confirms a vulnerability in Fade In’s XML parsing logic where the software can access memory via a missing/negated index, causing an out-of-bounds write and memory corruption. ...

7.8 CVSS, 6.9 AI score, 0.00267 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2025/10/28 1:45 p.m., 6 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 0.00267 EPSS
Exploits 1, References 1

EUVD
added 2025/10/28 1:45 p.m., 3 views

EUVD-2025-36500

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 6.7 AI score, 0.00267 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/10/28 1:45 p.m., 2 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 6.9 AI score, 0.00267 EPSS
Exploits 1, References 1