EUVD-2024-2883

Malicious code in bioql PyPI...

EUVD-2024-28180

Malicious code in bioql PyPI...

EUVD-2024-39579

Malicious code in bioql PyPI...

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary SQL queries...

Astra Linux – Vulnerability in libxml2

In versions of libxml2 before 2.12.10 and 2.13.x before 2.13.6, there is a use-after-free issue in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions in the xmlschemas.c file. To exploit this vulnerability, a crafted XML document must be validated against an XML schema with...

CVE-2022-28213

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS...

CVE-2020-27282

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files...

CVE-2020-6177

SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server...

CVE-2020-6261

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...

CVE-2020-6202

SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...

CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...

CVE-2019-0396

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

CVE-2019-0340

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...

Signature Wrapping Attack

samlify is vulnerable to a Signature Wrapping attack. The vulnerability is due to improper validation of signed XML documents, allowing an attacker to forge a SAML Response and authenticate as any user...

CLSA-2025-1747689263 Fix CVE(s): CVE-2025-32414, CVE-2025-32415

SECURITY UPDATE: Out-of-bounds memory access in Python API bindings - debian/patches/CVE-2025-32414.patch: Limit character reads and reserve buffer space for UTF-8 encoding to prevent overflow - CVE-2025-32414 SECURITY UPDATE: Heap buffer under-read in XML schema validation -...

WSO2 API Manager 安全漏洞

WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager version 2.0.0 and prior versions, which stems from insufficient validation of XML inputs to the gateway component and could lead to XML external entity injecti...

CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...

CVE-2020-6366

SAP NetWeaver Compare Systems versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service...

CVE-2020-26831

SAP BusinessObjects BI Platform Crystal Report, versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file...

CVE-2024-45858

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...