Security update for mozjs52
This update for mozjs52 fixes the following issues: CVE-2024-45491: Fixed integer overflow in dtdCopy (bsc#1230037); CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599); CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart (bsc#1230038); CVE-2024-45490: Fixed negative len for...
EUVD-2025-204621
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)...
CVE-2025-8065
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)...
CVE-2025-8065
A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP reque...
TP-Link Tapo C200 Security Vulnerability
TP-Link Tapo C200 is a smart Wi-Fi camera made by the Chinese company TP-Link. A security vulnerability exists in TP-Link Tapo C200 V3; it originates from a buffer overflow in the ONVIF XML parser and could lead to a denial-of-service attack...
EUVD-2025-204495
Malicious code in viktor-xml-parser (npm)...
Malicious code in viktor-xml-parser (npm)
Source: amazon-inspector f588bf6164c41e993943c30ac7d1a25c88c3de79469bb1a5d1a8a43448f22c31 The package viktor-xml-parser was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: viktor-xml-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-192646 Malicious code in viktor-xml-parser (npm)
Source: amazon-inspector f588bf6164c41e993943c30ac7d1a25c88c3de79469bb1a5d1a8a43448f22c31 The package viktor-xml-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202951
Malicious code in bfruitmaliciousxmlparser (npm)...
Malicious Package
Overview: fruit-malicious-xml-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in fruit-malicious-xml-parser (npm)
Source: amazon-inspector c330d59c7529d320701e6ccf11a655110e1aeb7c9ad5d15c34ba10941c6343a6 The package fruit-malicious-xml-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202945
Malicious code in efruitmaliciousxmlparser (npm)...
EUVD-2025-202949
Malicious code in fruit-malicious-xml-parser (npm)...
CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. REXML and Nokogiri parse XML differently, generating entirely different...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities. Details: XXE Injection is a type of attack against an applicatio...
ALSA-2025:22175 Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...
ALSA-2025:21030 Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375). For more details about the security issues, including the impact, a CVSS score,...
CVE-2025-10713 XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration
An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...