Lucene search
K

901 matches found

EUVD
EUVD
added 2026/05/08 9:35 p.m.17 views

EUVD-2026-28839

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 5:46 a.m.7 views

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS5.8AI score0.01192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38831

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS5.8AI score0.01192EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 4:59 p.m.15 views

JLSEC-2026-468

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 2:44 p.m.5 views

BIT-JAVA-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-37810

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/04 8:56 p.m.18 views

changedetection.io project has an XXE vulnerability

changedetection.ioXXE01 Vulnerability Report: We discovered a XXE vulnerability in the changedetection.io project While analyzing the code logic, it was determined that an area may lead to unintended behavior under specific conditions. With the project's security in mind, see the analysis results...

8.2CVSS5.8AI score0.00266EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:55 p.m.5 views

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/04 3:16 p.m.11 views

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

5.3CVSS0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 2:26 p.m.11 views

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.13 views

PT-2026-36826

Name of the Vulnerable Software and Affected Versions jOpenDocument version 1.5 Description Improper restriction of XML external entity reference in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This occurs when the application fails to properly restrict XML...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/04/30 4:16 p.m.8 views

CVE-2025-14543

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Core Libraries allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from...

9.1CVSS0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 12:11 p.m.6 views

CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/04/30 12:11 p.m.30 views

CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS0.0047EPSS
Exploits2References1
CVE
CVE
added 2026/04/30 12:11 p.m.10 views

CVE-2024-13971

The CVE-2024-13971 item covers Lobster_pro’s XML parser vulnerability prior to version 4.12.6-GA. The issue allows unauthenticated attackers to read files on the application server and adjacent network shares and to issue HTTP GET requests to arbitrary services via XML External Entities handling....

7.7CVSS5.5AI score0.0047EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/30 7:10 a.m.12 views

CVE-2024-39847 Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References2
CVE
CVE
added 2026/04/30 7:10 a.m.19 views

CVE-2024-39847

CVE-2024-39847 describes an XXE-like weakness in the XML parser of the 4D Server SOAP endpoints. Unauthenticated attackers can read files on the application server and adjacent network shares, and can issue HTTP GET requests to arbitrary services. The connected documents confirm the vulnerability...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/04/30 7:10 a.m.33 views

CVE-2024-39847 Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS0.00447EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/04/28 12:3 p.m.7 views

CVE-2026-41066

A flaw was found in lxml, a library for processing XML and HTML in Python. A remote attacker can exploit this vulnerability by sending untrusted XML input to an application using lxml's default parser configuration. This allows the attacker to read local files on the system, leading to informatio...

7.5CVSS5.5AI score0.00324EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

Juniper Junos OS Multiple Vulnerabilities (JSA88120)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88120 advisory. - In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length...

9.8CVSS7.3AI score0.08003EPSS
Exploits6References6
Rows per page
Query Builder