BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

MiracleLinux 7 : rh-mariadb102-galera-25.3.29-1.el7, rh-mariadb102-mariadb-10.2.33-1.el7 (AXSA:2020-685:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-685:03 advisory. mysql: Server: Replication unspecified vulnerability CPU Apr 2019 CVE-2019-2614 mysql: Server: Security: Privileges unspecified vulnerability CPU Apr...

EUVD-2020-16788

Malware in sbrugna...

EUVD-2012-5652

Malware in sbrugna...

EUVD-2019-7948

Malware in sbrugna...

EUVD-2014-0961

Malware in sbrugna...

EUVD-2017-6028

Malware in sbrugna...

EUVD-2014-0980

Malware in sbrugna...

EUVD-2021-1365

Malware in sbrugna...

EUVD-2024-19937

Malicious code in bioql PyPI...

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2807)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 An issue was discovered in libexp...

Mageia: Security Advisory (MGASA-2024-0084)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-Q84M-RMW3-4382 LangChain's XMLOutputParser vulnerable to XML Entity Expansion

The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM or agent with the XMLOutputParser and expose the component...

BIT-PYTHON-2022-48565

An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

CVE-2022-48565

An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

CVE-2022-48565

An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

Security Bulletin: Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation for Multiplatforms deferred from Oracle Apr 2022 CPU (CVE-2022-21426)

Summary A flaw in the XML component of IBM Java Technology Edition used by v4.1.0.4 to v4.1.1.0 of IBM Tivoli System Automation for Multiplatforms has been identified. These issues were disclosed as part of the IBM Java SDK updates in Apr 2022. Vulnerability Details Refer to the security bulletin...

Multiple vulnerabilities in untangle

Overview untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Improper Restriction of XML External Entity Reference...

Nokogiri 代码问题漏洞

Nokogiri is an open source software library for parsing HTML and XML in Ruby . A code issue vulnerability exists in versions prior to Nokogiri 1.11.0.rc4 that allows access to external resources over the network, potentially leading to XXE or SSRF attacks. No detailed vulnerability details are...

puzzlewebs.cz Cross Site Scripting vulnerability OBB-1334252

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...