Lucene search
+L

192 matches found

OSV
OSV
added 2023/06/29 9:15 p.m.20 views

PYSEC-2023-97

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS8.3AI score0.00795EPSS
Exploits0References2
OSV
OSV
added 2023/06/29 9:15 p.m.6 views

PYSEC-2023-96

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS6.2AI score0.00731EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/29 12:0 a.m.27 views

CVE-2020-26709

py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.8AI score0.00795EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.17 views

Requests-XML 代码问题漏洞

Requests-XML is a library for parsing XML from the individual developers at erinxocon. A security vulnerability exists in requests-xml version v0.2.3, which stems from the inclusion of an XML External Entity Injection XXE vulnerability that allows an attacker to execute arbitrary code via a craft...

7.5CVSS7.8AI score0.00731EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/29 12:0 a.m.8 views

CVE-2020-26709

py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

8.6AI score0.00795EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/29 12:0 a.m.20 views

CVE-2020-26708

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.8AI score0.00731EPSS
Exploits0References2
NVD
NVD
added 2023/06/05 4:15 p.m.15 views

CVE-2023-33693

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...

7.8CVSS5.6AI score0.00428EPSS
Exploits1References3
OSV
OSV
added 2023/06/05 4:15 p.m.2 views

CVE-2023-33693

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...

5.5CVSS6.3AI score0.00428EPSS
Exploits1References3
Prion
Prion
added 2023/06/05 4:15 p.m.16 views

Buffer overflow

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...

1.9CVSS5.6AI score0.00428EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/05 12:0 a.m.34 views

CVE-2023-33693

CVE-2023-33693 affects EasyPlayerPro-Win, versions 3.2.19.0106 through 3.6.19.0823. A buffer overflow in processing a crafted XML file leads to Denial of Service (DoS). CVSS data indicates a local attack vector with user interaction required; impact on availability is high. Connected sources corr...

7.8CVSS5.6AI score0.00428EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/05 12:0 a.m.21 views

CVE-2023-33693

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...

5.9AI score0.00428EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.35 views

CBL Mariner 2.0 Security Update: libxslt / libxml2 (CVE-2022-29824)

The version of libxslt / libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29824 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer...

6.5CVSS7.4AI score0.0363EPSS
Exploits5References2
Veracode
Veracode
added 2023/03/01 11:32 a.m.18 views

XML External Entity (XXE)

urule is vulnerable to XML External Entities XXE. A remote attacker is able to execute arbitrary code by uploading a crafted XML file to /urule/common/saveFile...

9.8CVSS9.4AI score0.01192EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2023/02/24 12:0 a.m.39 views

CVE-2023-24189

An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...

9.8AI score0.01192EPSS
Exploits1References2
OSV
OSV
added 2023/02/24 12:0 a.m.25 views

CVE-2023-24189

An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...

9.8CVSS9.6AI score0.01192EPSS
Exploits1References4
CVE
CVE
added 2023/02/24 12:0 a.m.55 views

CVE-2023-24189

Summary (CVE-2023-24189) : An XML External Entity (XXE) vulnerability in urule v2.1.7 allows remote code execution by uploading a crafted XML file to the API endpoint /urule/common/saveFile. This affects urule’s XML handling and is deemed CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; b...

9.8CVSS9.6AI score0.01192EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/02/14 2:15 a.m.14 views

CVE-2023-24187

An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...

7.8CVSS7.8AI score0.00918EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/02/14 12:0 a.m.23 views

CVE-2023-24187

An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...

8AI score0.00918EPSS
Exploits1References3
Veracode
Veracode
added 2022/12/21 6:18 a.m.16 views

Cross-site Scripting (XSS)

feehi/feehicms is vulnerable to cross site scripting. The vulnerability exists due to improper user-input sanitization, which allows a remote attacker to run arbitrary code via uploading a crafted XML file...

5.4CVSS5.8AI score0.00506EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/12/15 7:15 p.m.36 views

CVE-2022-40373

Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file...

5.4CVSS0.00506EPSS
Exploits1References1
Rows per page
Query Builder