Lucene search
K

448 matches found

OSV
OSV
added 2026/07/01 7:1 p.m.3 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00028EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/11 5:43 p.m.12 views

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse aka Nightmare-Eclipse and MSNightmare has released a new Windows BitLocker bypass dubbed GreatXML , a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in...

6.8CVSS6.4AI score0.01249EPSS
Exploits2
Cvelist
Cvelist
added 2026/06/08 12:59 p.m.48 views

CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.14 views

Nmap 安全漏洞

Nmap is an open-source tool for network discovery and security scanning developed by Nmap. Version 7.70 of Nmap contains a security vulnerability. This vulnerability arises from handling malicious XML files containing exponentially growing entity extensions, which can lead to a denial-of-service...

6.9CVSS5.8AI score0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 7:56 p.m.6 views

MGASA-2026-0100 Updated polkit-122 packages fix security vulnerability

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write. CVE-2025-7519...

6.7CVSS6.6AI score0.00184EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/16 10:31 p.m.5 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/13 10:27 p.m.5 views

CVE-2026-33908

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. When ImageMagick processes an XML file with deeply nested structures, the DestroyXMLTree function, which frees memory, is executed recursively without a depth limit. This can lead to the...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References7
Snyk
Snyk
added 2026/01/21 1:6 a.m.9 views

Release of Invalid Pointer or Reference

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.21 views

CVE-2024-34085

A vulnerability has been identified in JT2Go All versions V2312.0001, Teamcenter Visualization V14.1 All versions V14.1.0.13, Teamcenter Visualization V14.2 All versions V14.2.0.10, Teamcenter Visualization V14.3 All versions V14.3.0.7, Teamcenter Visualization V2312 All versions V2312.0001. The...

7.8CVSS7.4AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-54222

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting XSS vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...

5.1CVSS6.2AI score0.00981EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-29824)

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS6.8AI score0.0363EPSS
Exploits5References4
NVD
NVD
added 2025/10/27 5:15 p.m.6 views

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

6.5CVSS0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

BAE Systems SOCET GXP 安全漏洞

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP prior to version 4.6.0.3 that originates from allowing external entities to exist in certain XML-based files, which could lead ...

6.5CVSS6.1AI score0.00331EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.2 views

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in...

6.2AI score0.00331EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/10/08 12:54 p.m.657 views

Exploit for XML Injection (aka Blind XPath Injection) in Google Android

!Screenshot of Android application with title AbxDroppedApk and...

7.8CVSS7.7AI score0.00147EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2686

Malware in sbrugna...

8.8CVSS8.8AI score0.01059EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-6802

Malware in sbrugna...

4.7CVSS4.8AI score0.00494EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-9580

Malware in sbrugna...

6.5CVSS6.6AI score0.01123EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-2190

Malware in sbrugna...

5CVSS6.1AI score0.02404EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-10752

Malware in sbrugna...

6.5CVSS6.3AI score0.01169EPSS
Exploits1References4
Rows per page
Query Builder