944 matches found
CVE-2026-41675
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...
XMLDOM 安全漏洞
XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping or validation when serializing DocumentType node...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
SUSE-SU-2026:1296-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3644: incomplete control character validation in http.cookies can lead to inpu...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
CVE-2013-6244
The Live Update webdynpro application webdynpro/dispatcher/sap.com/tcslmuilup/LUP in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an...
CVE-2019-16701
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
CVE-2019-16941
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An...
Unity Linux 20.1070a Security Update: expat (UTSA-2025-990945)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990945 advisory. libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. Tenable has extracted...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
EUVD-2025-197810
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
[SECURITY] [DLA 4337-1] svgpp security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4337-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 17, 2025 https://wiki.debian.org/LTS -...
EUVD-2008-1547
Malware in sbrugna...
EUVD-2006-0707
Malware in sbrugna...
EUVD-2011-2179
Malware in sbrugna...
EUVD-2014-3125
Malware in sbrugna...