82 matches found
GHSA-QHH4-458H-XWH2 @cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to a different registry
Docker registry auth substring match forwards credentials to a different registry Repository cdxgen/cdxgen Affected product/package - Ecosystem: npm - Package: @cyclonedx/cdxgen - Reviewed tree version: 12.3.3 - Reviewed commit: b1e179869fd7c6032c3d483c3f7bd4d7154ec22b - Affected file:...
Use of Incorrectly-Resolved Name or Reference
Overview @cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials SBOM from source or container image Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in docker.js, before credential selection. An attacker wh...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
SBOM CVE Scanner - Enhanced Edition A comprehensive Python to...
XML External Entity (XXE) Injection
cyclonedx-core-java is vulnerable to XML External Entity XXE injection. The vulnerability is due to an insecurely configured XML Validator, where external entity processing was not fully disabled during XML validation, allowing attackers to supply a crafted CycloneDX XML BOM that triggers externa...
cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.4 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
CVE-2025-64518
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
CVE-2025-64518
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
EUVD-2025-50813
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
CVE-2025-64518
CVE-2025-64518 affects CycloneDX core (Java). From 2.1.0 up to but excluding 11.0.1, the XML Validator in cyclonedx-core-java was insecurely configured, enabling XML External Entity (XXE) injection. The issue is tied to incomplete mitigation that fixed parsing but not validation (GHSA-683x-4444-j...
GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...
CycloneDX Core 代码问题漏洞
CycloneDX Core is a CycloneDX BOM Standard open source aid for creating SBOM applications. A code issue vulnerability exists in CycloneDX Core versions prior to 11.0.1 that stems from an unsecured configuration of the XML Validator, which could lead to an XML external entity injection attack...
PT-2025-46213
Name of the Vulnerable Software and Affected Versions CycloneDX versions 2.1.0 through 11.0.1 Description The CycloneDX core module, used for creating, validating, and parsing SBOMs, contains a flaw due to an insecurely configured XML Validator. This allows for XML External Entity XXE injection...
EUVD-2024-1382
Malicious code in bioql PyPI...