[SECURITY] Fedora 43 Update: phpunit12-12.5.8-1.fc43

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 12 of PHPUnit, available using the phpunit12 command. Documentation: https://phpunit.de/documentation.html...

EUVD-2025-19057

Malicious code in bioql PyPI...

EUVD-2022-5890

Malicious code in bioql PyPI...

XML External Entity (XXE) Injection

Allure is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parser configuration due to insecure settings in the xunit-xml-plugin that allow external entity expansion when processing .xml test result files...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...

CVE-2025-52888

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888

CVE-2025-52888 affects Allure 2’s xunit-xml-plugin (pre-2.34.1). The vulnerability arises from insecure configuration of the XML parser (DocumentBuilderFactory), allowing external entity expansion during processing of test result XML files. Impact: arbitrary file disclosure and potential SSRF. Re...

PT-2025-26776 · Unknown +1 · Xunit-Xml-Plugin +1

Name of the Vulnerable Software and Affected Versions: Allure 2 versions prior to 2.34.1 Description: A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser DocumentBuilderFactory and allows external...

CVE-2022-34181

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller ...

MAL-2024-4069 Malicious code in Be.Vlaanderen.Basisregіsters.AggregateSоurce.Testing.Xunit (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basіsregisters.GrAr.Import.Xunіt (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderеn.Basisregіsters.AggregateSоurce.Testing.Xսnit (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanԁеren.Basіsregisters.GrAr.Import.Xunіt (NuGet)

--- -= Per source details. Do not edit below this line.=-...

GHSA-298J-9Q4W-6RM4 Agent-to-controller security bypass in Jenkins xUnit Plugin

xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn’t exist, and parsing files inside it as test results. This allows attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to...

Agent-to-controller security bypass in Jenkins xUnit Plugin

xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn’t exist, and parsing files inside it as test results. This allows attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to...

com.thalesgroup.jenkins-ci.plugins:cpptest (>=0.10 <=0.14), org.jenkins-ci.plugins:gallio (>=1.6 <=1.8) +5 more potentially affected by CVE-2022-34181 via org.jenkins-ci.plugins:xunit (>=1.102 <=1.91)

org.jenkins-ci.plugins:xunit MAVEN version =1.102, =0.10, =1.6, =0.13, =1.0, =0.16, =0.61 Source cves: CVE-2022-34181 Source advisory: OSV:GHSA-298J-9Q4W-6RM4...

CVE-2022-34181

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller ...