24 matches found
Exploit for CVE-2026-22187
CVE-2026-22187-Bio-Formats-unsafe-Java-deserialization-via-.bf...
CVE-2026-22186
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
CVE-2026-22187
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
GHSA-FCQJ-76G3-Q7QM Bio-Formats has an XML External Entity (XXE) vulnerability
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
GHSA-QJM3-CVP9-3JJ3 Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
Bio-Formats has an XML External Entity (XXE) vulnerability
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
CVE-2026-22187
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
CVE-2026-22186
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
CVE-2026-22187
Bio-Formats
CVE-2026-22187 Bio-Formats <= 8.3.0 Memoizer Unsafe Deserialization via .bfmemo Cache Files
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
CVE-2026-22186
Bio-Formats
CVE-2026-22186 Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
CVE-2026-22186 Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...
Bio-Formats 代码问题漏洞
Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from an XML external entity vulnerability in the Leica...
PT-2026-2161
Name of the Vulnerable Software and Affected Versions Bio-Formats versions up to and including 8.3.0 Description Bio-Formats versions up to and including 8.3.0 are susceptible to unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The...
PT-2026-2160
Name of the Vulnerable Software and Affected Versions Bio-Formats versions up to and including 8.3.0 Description Bio-Formats versions up to and including 8.3.0 have an XML External Entity XXE issue in the Leica Microsystems metadata parsing component, such as XLEF. The parser uses an insecurely...
Bio-Formats 代码问题漏洞
Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from performing insecure Java deserialization of...
EUVD-2019-19298
Malware in sbrugna...
CVE-2019-9944
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...