Lucene search
+L

192 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.7 views

CVE-2023-33693

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...

7.8CVSS7.2AI score0.00428EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.5 views

CVE-2020-26064

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...

8.1CVSS6.7AI score0.00734EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/20 4:13 p.m.5 views

CVE-2025-25589

An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

8.1CVSS8.3AI score0.00437EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/18 12:0 a.m.15 views

CVE-2025-25589

An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

0.00437EPSS
Exploits0References1
CVE
CVE
added 2025/03/06 12:0 a.m.70 views

CVE-2025-25361

CVE-2025-25361 affects PublicCMS v4.0.202406, with an arbitrary file upload vulnerability in /cms/CmsWebFileAdminController.java that enables remote code execution by uploading crafted SVG/XML files. CVSSv3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8, CRITICAL). Exploitation context ...

9.8CVSS8AI score0.00649EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/21 12:0 a.m.16 views

CVE-2024-51364

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file...

7.8AI score0.00663EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 12:0 a.m.49 views

CVE-2024-51367

CVE-2024-51367 affects BlackBoard v2.0.0.2 with an arbitrary file upload vulnerability in the component path "\Users\username.BlackBoard", allowing an attacker to execute arbitrary code by uploading a crafted .xml file. Public sources consistently describe the impact as remote code execution via ...

9.8CVSS7.8AI score0.00745EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/21 12:0 a.m.23 views

CVE-2024-51364

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file...

0.00663EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/21 12:0 a.m.31 views

CVE-2024-51367

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file...

0.00745EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/18 4:23 p.m.21 views

CVE-2020-26066 Cisco SD-WAN vManage Software XML External Entity Vulnerability

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...

6.5CVSS6.9AI score0.00586EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 5:15 p.m.22 views

CVE-2024-51136

An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...

9.8CVSS0.01156EPSS
Exploits1References3
OSV
OSV
added 2024/11/04 12:0 a.m.11 views

CVE-2024-51136

An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...

9.8CVSS7.3AI score0.01156EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.20 views

RHEL 7 : libxslt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxslt: Invalid memory access leading to DoS at exsltDynMapFunction CVE-2016-4610 - libxslt: Heap overre...

9.8CVSS7.9AI score0.06457EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2024/04/26 12:0 a.m.19 views

CentOS 9 : libxml2-2.9.13-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libxml2-2.9.13-5.el9 build changelog. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerabili...

6.5CVSS6.6AI score0.00667EPSS
Exploits1References2
NVD
NVD
added 2024/02/13 3:15 a.m.32 views

CVE-2024-24743

SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...

8.6CVSS8.5AI score0.00516EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/13 2:43 a.m.40 views

CVE-2024-24743 XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

SAP NetWeaver AS Java CAF - Guided Procedures - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so...

8.6CVSS8.7AI score0.00516EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/26 12:0 a.m.18 views

RHEL 8 : libxml2 (RHSA-2023:7544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7544 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...

6.5CVSS7AI score0.00667EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/01/12 12:0 a.m.22 views

AlmaLinux 8 : libxml2 (ALSA-2024:0119)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0119 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...

6.5CVSS6.6AI score0.00667EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/01/10 11:39 a.m.8 views

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

6.5CVSS7.3AI score0.00667EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.18 views

Oracle Linux 9 : libxml2 (ELSA-2023-7747)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7747 advisory. 2.9.13-5 - Fix CVE-2023-39615 RHEL-5180 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

6.5CVSS6.7AI score0.00667EPSS
Exploits1References2
Rows per page
Query Builder