
6 matches found

OSV
added 2025/10/03 7:56 p.m. | 3 views

RLSA-2025:10630 Important: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794); libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795); libxml: Type confusion...

9.1 CVSS | 8.2 AI score | 0.02116 EPSS
Exploits: 1 | References: 5
Snyk
added 2025/06/12 12:0 a.m. | 2 views

Stack-based Buffer Overflow

Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the xmlBuildQName function. An attacker can cause a crash and denial of service by supplying specially crafted XML input that triggers an integer...

8.7 CVSS | 7.4 AI score | 0.02116 EPSS
Exploits: 1 | References: 2
Veracode
added 2023/01/30 5:17 a.m. | 7 views

Denial Of Service (DoS)

cakephp/cakephp is vulnerable to Denial Of Service. The vulnerability exists due to the RequestHandlerComponent that leverages Xml::build, which allows an attacker to cause an application crash by reading local files...

3.1 AI score
Exploits: 0
OSV
added 2023/01/20 11:23 p.m. | 21 views

GHSA-Q79M-C546-2G63 CakePHP vulnerable to Denial of Service attack through XML payloads

RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages Xml::build which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML...

7 AI score
Exploits: 0 | References: 4
Positive Technologies
added 2023/01/20 12:0 a.m. | 1 views

PT-2023-33052 · Unknown · Requesthandlercomponent

Name of the Vulnerable Software and Affected Versions: RequestHandlerComponent affected versions not specified Description: The issue allows well-crafted requests to create a denial of service attack. It is related to the use of Xml::build, which enables reading local files. Recommendations: For...

7.1 AI score
Exploits: 0 | References: 5
CakePHP
added 2015/05/28 12:0 a.m. | 28 views

CakePHP 2.6.6 and 3.0.6 Released

The CakePHP core team is ready to announce the immediate availability of CakePHP 2.6.6 and 3.0.6. These are maintenance releases that contain important security fixes. Security Fixes: Earlier this week we were notified that RequestHandlerComponent had a vulnerabili...

7.9 AI score
Exploits: 0