Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input fi
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `` blocks. If the input value is already valid `CDATA`, it is not escaped a secon
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted D
An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An atta
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an a
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a den
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the curr
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal pa
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.
This issue affects Apache XML Graphics FOP: 2.9.
Users are recommended to upgrade to version 2
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a cr
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add b
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line charac