192 matches found
CVE-2023-33693
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...
CVE-2020-26064
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...
CVE-2025-25589
An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...
CVE-2025-25589
An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...
CVE-2025-25361
CVE-2025-25361 affects PublicCMS v4.0.202406, with an arbitrary file upload vulnerability in /cms/CmsWebFileAdminController.java that enables remote code execution by uploading crafted SVG/XML files. CVSSv3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8, CRITICAL). Exploitation context ...
CVE-2024-51364
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file...
CVE-2024-51367
CVE-2024-51367 affects BlackBoard v2.0.0.2 with an arbitrary file upload vulnerability in the component path "\Users\username.BlackBoard", allowing an attacker to execute arbitrary code by uploading a crafted .xml file. Public sources consistently describe the impact as remote code execution via ...
CVE-2024-51364
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file...
CVE-2024-51367
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file...
CVE-2020-26066 Cisco SD-WAN vManage Software XML External Entity Vulnerability
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...
CVE-2024-51136
An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...
CVE-2024-51136
An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...
RHEL 7 : libxslt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxslt: Invalid memory access leading to DoS at exsltDynMapFunction CVE-2016-4610 - libxslt: Heap overre...
CentOS 9 : libxml2-2.9.13-5.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libxml2-2.9.13-5.el9 build changelog. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerabili...
CVE-2024-24743
SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...
CVE-2024-24743 XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...
RHEL 8 : libxml2 (RHSA-2023:7544)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7544 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...
AlmaLinux 8 : libxml2 (ALSA-2024:0119)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0119 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...
libxml2: crafted xml can cause global buffer overflow
A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...
Oracle Linux 9 : libxml2 (ELSA-2023-7747)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7747 advisory. 2.9.13-5 - Fix CVE-2023-39615 RHEL-5180 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...