CVE-2026-44748

CVE-2026-44748 affects SAP NetWeaver Application Server ABAP and ABAP Platform. The connected documents describe an XML Signature Wrapping vulnerability in SAML authentication, where an authenticated user with normal privileges can obtain a valid signed message and submit modified signed XML to t...

CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

PT-2026-48306

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

UBUNTU-CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

PT-2026-48275

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

EUVD-2026-35188

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

CVE-2026-46490

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Missing XML Validation CVE-2026-1190

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-1190 DESCRIPTION: A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup...

CVE-2026-42536

Summary (CVE-2026-42536) : A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...

CVE-2026-49235

CVE-2026-49235 affects Routinator. According to the connected CVE entry, processing an RRDP file with a specifically crafted Document Type Definition (DTD) causes Routinator to crash. The CVSSv4.0 vector indicates high impact on availability (V AV:N/AC:L/VI:N/VA:H) with no confidentiality or inte...

CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

CVE-2026-50219

A flaw was found in libexpat. This vulnerability occurs because the library, in versions before 2.8.2, does not properly track handler call depth when certain XML parsing functions are invoked from within handlers during a policy violation. This oversight can lead to a use-after-free condition,...

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

XML-RPC Server - Remote Code Execution

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. id: CVE-2017-11610 info: name: XML-RPC Serve...

Medium: python3.14

Issue Overview: The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other...

PT-2026-47320

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A heap-based buffer overflow occurs when processing untrusted content using the mod xml2enc module and the xml2StartParse function. A heap-based buffer overflow is a memory corruptio...

Amazon Linux 2023 : perl-XML-LibXML, perl-XML-LibXML-tests (ALAS2023-2026-1795)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1795 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8...