CVE-2025-2905 - XXE in WSO2 API Manager Gateway – Exploiting XML Path Injection for Data Theft and Denial of Service
Published: 2024-06-01 | Severity: High | CVSS: 8.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/
CVE-2025-25977 - Remote Code Execution in canvg v4..2 via StyleElement Constructor
A new critical security flaw, CVE-2025-25977, has been discovered in canvg, a popular JavaScript library for rendering SVGs on Canvas. This vulnerability affects version v4.
CVE-2025-0617 - Exploiting XML Entity Expansion to Crash Hx 10.. and Prior — A Simple Guide
CVE-2025-0617 targets a critical vulnerability in the HX console (version 10.. and earlier). If you run administrative systems based on Hx, you should read this.
CVE-2022-21384 - Understanding the Rejection, Exploit Details, and Why It’s a Duplicate of CVE-2021-39275
---
When hunting for vulnerabilities, sometimes you’ll stumble on a CVE that’s “rejected” or “withdrawn.” CVE-2022-21384 is one such entry—a CVE ID
CVE-2024-40896 - XXE Vulnerability in libxml2 SAX Parser (How Attackers Bypass Custom Handlers)
---
Intro: What is CVE-2024-40896?
CVE-2024-40896 is a serious security vulnerability found in the popular XML parsing library libxml2 (versions 2.11 before 2.11.9,