Xml

ImageMagick versions prior to 7.1.2-19 and 6.9.13-44 are susceptible to a denial-of-service (DoS) attack due to unbounded recursion during XML parsing, potentially leading to stack exhaustion.

An unauthenticated attacker can exploit an out-of-bounds write vulnerability in CPCI85 Central Processing/Communication and SICORE Base System by sending a malicious XML request, potentially causing a service crash leading to a denial-of-service condition.

The xmldom library is vulnerable to XML node injection, allowing attackers to inject arbitrary XML nodes into serialized output by manipulating comment content; this is mitigated by using the `requireWellFormed` option in `serializeToString` after upgrading to version 0.8.13 or 0.9.10.

PhpSpreadsheet is vulnerable to a denial-of-service attack by crafting a SpreadsheetML XML file with an excessively large row index, which exhausts server CPU resources due to unbounded iteration.