
17 matches found

CVE
added 2026/02/04 10:7 p.m. | 8 views

CVE-2026-25582

iccDEV contains a heap-based read buffer overflow in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via the iccFromXml tool. Affected versions are prior to 2.3.1.3. The issue has been patched in version 2.3.1.3. Remediation is to upgrade to 2.3.1.3 or later. Exploitation...

CVSS 7.8 | AI score 5.6 | EPSS 0.00009
Exploits: 1 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/02/04 10:7 p.m. | 3 views

CVE-2026-25582

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow read vulnerability in CIccIO::WriteUInt16Float when converting malformed XML to ICC profiles via...

CVSS 7.8 | AI score 5.6 | EPSS 0.00009
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2025/10/17 8:3 a.m. | 6 views

Arbitrary File Read

xml2rfc is vulnerable to Arbitrary file read. The vulnerability is due to improper input sanitization when generating PDF files, which allows an attacker to inject a malicious link element into the prepped RFCXML and read arbitrary files from the filesystem...

AI score 7
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29471

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-7491

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.8 | EPSS 0.01281
Exploits: 5 | References: 6
GithubExploit
added 2023/12/27 10:5 p.m. | 292 views

Exploit for Out-of-bounds Write in Hutool

json.org CVE-2022-45688 true positive The project illustrate...

CVSS 7.5 | AI score 7.5 | EPSS 0.01281
Exploits: 5
Wallarm Lab
added 2023/11/10 6:43 p.m. | 25 views

Apigee API Security policies howto

The Genesis of Apigee API Security Guidelines: In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this...

AI score 7.7
Exploits: 0
BDU FSTEC
added 2023/06/16 12:0 a.m. | 1 views

A vulnerability in “xml2js”, software for converting XML to JavaScript objects, lies in the uncontrolled modification of object prototype attributes. This allows attackers to edit or add new properties to objects.

The vulnerability in xml2js, software for converting XML to JavaScript objects, is related to uncontrolled changes to the attributes of the prototype object. Exploiting this vulnerability allows a malicious actor to remotely modify the properties of the proto object...

CVSS 5.3 | AI score 6.5 | EPSS 0.00291
Exploits: 1 | References: 7 | Affected Software: 3
CNNVD
added 2023/06/14 12:0 a.m. | 3 views

Jettison Buffer Error Vulnerability

Jettison, from the open-source jettison-json project, is a Java library that is used to convert XML to JSON with the help of StAX. Jettison 3.3 and earlier versions have a security vulnerability that stems from allowing an attacker to cause a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.00258
Exploits: 1 | References: 4
CNNVD
added 2023/03/22 12:0 a.m. | 3 views

Jettison Security Vulnerability

Jettison, from the open-source jettison-json project, is a Java library that is used to convert XML to JSON with the help of StAX. Jettison JSONArray has a security vulnerability in which infinite recursion in Jettison leads to a denial of service...

CVSS 7.5 | AI score 6.2 | EPSS 0.00122
Exploits: 1 | References: 13
CNNVD
added 2022/12/13 12:0 a.m. | 0 views

Jettison Buffer Error Vulnerability

Jettison, from the open-source jettison-json project, is a Java library that is used to convert XML to JSON with the help of StAX. Versions of Jettison before v1.5.2 have a security vulnerability that stems from a stack overflow through the map...

CVSS 7.5 | AI score 7 | EPSS 0.00157
Exploits: 1 | References: 17
CNNVD
added 2022/09/16 12:0 a.m. | 1 views

Jettison Buffer Error Vulnerability

Jettison, from the open-source jettison-json project, is a Java library that is used to convert XML to JSON with the help of StAX. Jettison has a security vulnerability that stems from the fact that parsing untrusted XML or JSON data may be vulnerable to denial of service...

CVSS 7.5 | AI score 6.9 | EPSS 0.0055
Exploits: 0 | References: 18
CNNVD
added 2022/09/16 12:0 a.m. | 2 views

Jettison Resource Management Error Vulnerability

Jettison, from the open-source jettison-json project, is a Java library that is used to convert XML to JSON with the help of StAX. Jettison has a security vulnerability that stems from the fact that parsing untrusted XML or JSON data may be vulnerable to denial of service...

CVSS 7.5 | AI score 6.9 | EPSS 0.00065
Exploits: 0 | References: 20
CVE
added 2018/05/29 8:0 p.m. | 51 views

CVE-2016-10591

CVE-2016-10591 affects Prince (Node API for executing PrinceXML via the prince(1) CLI). The vulnerability arises because Prince downloads zipped resources over HTTP, making it susceptible to Man-in-the-Middle attacks that could swap the requested tarball/executable with a malicious one. In networ...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/01/08 5:0 a.m. | 11 views

CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

AI score 5.5 | EPSS 0.00185
Exploits: 2 | References: 1
RedHat Linux
added 2011/03/28 4:46 p.m. | 3 views

libvirt: several API calls do not honour read-only connection

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapsho...

CVSS 7.2 | AI score 7.8 | EPSS 0.01556
Exploits: 0 | References: 4
seebug.org
added 2009/03/11 12:0 a.m. | 16 views

Big Faceless Report Generator has an unspecified vulnerability

BUGTRAQ ID: 34007 CNCAN ID: CNCAN-2009030601 Big Faceless Report Generator is a Java component used to convert XML files to PDF files. Big Faceless Report Generator has an unspecified vulnerability in its handling of JavaScript. No detailed vulnerability information is currently available. Big Faceless Organization Big Faceless Report Generator 1.11.39 Big Faceless Organization Big Faceless Report Generator 1.1.41...

AI score 6.9
Exploits: 0