
57 matches found

OSV
added 2026/04/23 9:21 p.m., 2 views

GHSA-9WFJ-C55W-J9QR Kirby has XML injection in its XML creator toolkit

TL;DR This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::encode($string, 'xml')) or the Xml::create(), Xml::tag() or Xml::value() methods in site or plugin code. The Kirby core does not use any of the affected methods. If consumers use an affected method and cannot rule o...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.00043
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/23 12:0 a.m., 4 views

PT-2026-34815

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.9.0; Kirby versions prior to 5.4.0. Description: The Xml::value method in Kirby contains a flaw in how it handles blocks. While the method is designed to allow valid CDATA to pass through without being escaped a second...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00043
Exploits: 0 | References: 10

RedhatCVE
added 2026/01/09 9:10 a.m., 2 views

CVE-2026-21502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.0004
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-2068

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A NULL pointer dereference issue exists in the XML tag parser in versions...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.0004
Exploits: 1 | References: 9

CNNVD
added 2026/01/07 12:0 a.m., 2 views

iccDEV Security Vulnerability

iccDEV is an open source color configuration codebase from the International Color Consortium (ICC). A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from a null pointer dereference in the XML tag parser...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.0004
Exploits: 1 | References: 5

RedHat Linux
added 2025/10/23 9:55 p.m., 0 views

io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution

In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials,...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00023
Exploits: 0 | References: 6

RedHat Linux
added 2025/10/14 5:59 p.m., 2 views

io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution

In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials,...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00023
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2006-4776

Malware in sbrugna...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.0039
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-6186

Malware in sbrugna...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00135
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-19726

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 9.1 | EPSS: 0.00235
Exploits: 0 | References: 2

Cvelist
added 2025/09/29 11:32 p.m., 7 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

CVSS: 8.7 | EPSS: 0.00023
Exploits: 0 | References: 3

OSV
added 2025/09/29 11:32 p.m., 2 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

CVSS: 8.7 | AI score: 6.4 | EPSS: 0.00023
Exploits: 0 | References: 5

CVE
added 2025/09/29 11:32 p.m., 15 views

CVE-2025-59952

CVE-2025-59952 is a vulnerability in the MinIO Java SDK (minio-java). In versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were substituted with their actual values during processing, potentially exposing sensitive information (credentials...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00023
Exploits: 0 | References: 3

OSV
added 2025/07/04 7:42 a.m., 3 views

BIT-MODSECURITY2-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00235
Exploits: 0 | References: 3

OSV
added 2025/07/04 7:41 a.m., 3 views

BIT-MODSECURITY-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00235
Exploits: 0 | References: 3

NVD
added 2025/07/02 3:15 p.m., 2 views

CVE-2025-52891

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | EPSS: 0.00235
Exploits: 0 | References: 2

OSV
added 2025/07/02 3:15 p.m., 0 views

UBUNTU-CVE-2025-52891

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00235
Exploits: 0 | References: 4

Vulnrichment
added 2025/07/02 3:3 p.m., 2 views

CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00235
Exploits: 0 | References: 2

OSV
added 2025/07/02 3:3 p.m., 2 views

CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.00235
Exploits: 0 | References: 4

Cvelist
added 2025/07/02 3:3 p.m., 5 views

CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS: 6.5 | EPSS: 0.00235
Exploits: 0 | References: 2