📄 Open Journal Systems 3.5.0-1 Path Traversal

Open Journal Systems versions 3.5.0-1 and below suffer from a path traversal vulnerability in NativeXmlIssueGalleyFilter.php. --------------------------------------------------------------------------------------------- Open Journal Systems issuegalleys - issuegalley - issuefile - filename tag of...

EUVD-2025-19057

Malicious code in bioql PyPI...

EUVD-2025-4265

Malicious code in bioql PyPI...

EUVD-2023-35217

Malicious code in bioql PyPI...

XML External Entity (XXE) Injection

Allure is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parser configuration due to insecure settings in the xunit-xml-plugin that allow external entity expansion when processing .xml test result files...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...

CVE-2025-52888

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888

CVE-2025-52888 affects Allure 2’s xunit-xml-plugin (pre-2.34.1). The vulnerability arises from insecure configuration of the XML parser (DocumentBuilderFactory), allowing external entity expansion during processing of test result XML files. Impact: arbitrary file disclosure and potential SSRF. Re...

PT-2025-26776 · Unknown +1 · Xunit-Xml-Plugin +1

Name of the Vulnerable Software and Affected Versions: Allure 2 versions prior to 2.34.1 Description: A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser DocumentBuilderFactory and allows external...

CVE-2023-47242

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin = 7.5 versions...

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

Public Knowledge Project Platform OJS/OMP/OPS 安全漏洞

Public Knowledge Project Platform OJS/OMP/OPS PKP Platform OJS/OMP/OPS is an open source publishing platform from Public Knowledge Project, Inc. A security vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS versions prior to 3.3.0.21 and versions prior to 3.4.x through 3.4.0.8,...

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

@appium/universal-xml-plugin (>=1.0.18 <=1.0.20), @cardscan.ai/cardscan-client (>=0.1.0 <=0.4.3) +105 more potentially affected by CVE-2024-41818 via fast-xml-parser (>=4.3.5 <=4.4.0)

fast-xml-parser NPM version =4.3.5, =1.0.18, =0.1.0, =1.1.0, =8.0.167, =11.49.0, =13.4.12, =11.49.0, =28.16.23, =11.49.0, =0.0.145, =1.0.0, =10.3.11, =0.1.11, =8.0.167, =5.0.167, =5.0.200 and more Source cves: CVE-2024-41818 Source advisory: OSV:GHSA-MPG4-RC92-VX8V...

CVE-2023-47656

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin = 7.5 versions...