(0Day) Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due to the improper restriction of XML...
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Jenkins Nexus Platform Plugin missing permission check
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...
DEBIAN-CVE-2023-34194
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...
DEBIAN-CVE-2023-26920
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
CVE-2023-26920
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
UBUNTU-CVE-2023-26920
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
fast-xml-parser security vulnerability
fast-xml-parser is an open source library from Natural Intelligence. It is used to quickly validate XML, parse XML and build XML without C/C++ based libraries and callbacks. A security vulnerability exists in versions of fast-xml-parser prior to 4.1.2, which stems from the presence of prototype...
CVE-2023-26920
CVE-2023-26920 affects the fast-xml-parser library (before 4.1.2). The issue is a Prototype Pollution flaw triggered by __proto__ and can lead to remote code execution or denial of service, per IBM’s Cloud Pak for Data advisory (affecting 4.0.0–4.8.4; remediation to 4.8.5). NVD lists CVSSv3.1 base sc...
USN-6542-1: TinyXML vulnerability
Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
Jenkins MATLAB Plugin missing permission checks
Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form...
GHSA-9F5G-RGCR-8GRW Jenkins MATLAB Plugin cross-site request forgery vulnerability
Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form...
GHSA-CV4X-9F34-8RP9 Jenkins MATLAB Plugin missing permission checks
Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form...