The popular fonts used in web development and design can be exploited to launch XML External Entity (XXE) attacks and execute arbitrary commands.
These vulnerabilities, identified as CVE-2023-45139, CVE-2024-25081, and CVE-2024-25082, pose a significant threat, allowing for XML External Entity (XXE) attacks and arbitrary command execution.
https://cybersecuritynews.com/vulnerabi ... arbitrary/