Lucene search
K

214 matches found

RedhatCVE
RedhatCVE
added 2025/05/08 4:5 p.m.14 views

CVE-2025-22478

Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information...

8.1CVSS6.9AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/04 11:0 a.m.25 views

CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

6.5CVSS0.00579EPSS
Exploits1References4
NVD
NVD
added 2025/03/21 8:15 p.m.10 views

CVE-2025-25036

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 SP8...

6.8CVSS0.00407EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/17 6:31 a.m.7 views

CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference

A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...

6.5CVSS6.4AI score0.00338EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/17 6:31 a.m.27 views

CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference

A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...

6.5CVSS0.00338EPSS
Exploits0References4
NVD
NVD
added 2025/02/12 8:15 p.m.17 views

CVE-2025-1225

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...

6.5CVSS0.00352EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/12 8:0 p.m.10 views

CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...

6.5CVSS6.5AI score0.00352EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/12 8:0 p.m.14 views

CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...

6.5CVSS0.00352EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/06 1:51 a.m.13 views

CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...

7.1CVSS6.4AI score0.0053EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.4 views

Schneider Electric Web Designer 代码问题漏洞

Schneider Electric Web Designer is a web design tool from Schneider Electric France. A code issue vulnerability exists in Schneider Electric Web Designer that stems from the inclusion of an XML External Entity References Improperly Restricted vulnerability that could lead to information disclosur...

8.4CVSS7.6AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 5:15 p.m.3 views

CVE-2024-4184

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...

8CVSS5.8AI score0.00442EPSS
Exploits0References1
CVE
CVE
added 2024/10/16 4:41 p.m.46 views

CVE-2024-4189

CVE-2024-4189 affects OpenText Application Automation Tools (version 24.1.0 and earlier). The issue is an XML External Entity (XXE) / DTD Injection caused by an improper restriction on external entities in the tool’s XML parsing, leading to potential compromise of confidentiality, integrity, and ...

8CVSS7.9AI score0.00442EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/07 8:3 p.m.25 views

CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

7.5CVSS6.8AI score0.02859EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/16 2:50 p.m.36 views

CVE-2024-7098 XML Injection in SFS Consulting's ww.Winsure

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2...

9.2CVSS0.00485EPSS
Exploits0References2
CVE
CVE
added 2024/09/16 2:50 p.m.54 views

CVE-2024-7098

CVE-2024-7098 corresponds to an Improper Restriction of XML External Entity Reference in SFS Consulting WW.Winsure prior to version 4.6.2, enabling XML Injection. Multiple connected sources (NVD, Red Hat, CVE list) confirm affected product and root cause. Impact is rated critical (high confidenti...

9.8CVSS5.8AI score0.00485EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/16 2:50 p.m.15 views

CVE-2024-7098 XML Injection in SFS Consulting's ww.Winsure

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2...

9.2CVSS5.8AI score0.00485EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/08/19 7:25 p.m.165 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5...

9.8CVSS9.9AI score0.99994EPSS
Exploits26
OSV
OSV
added 2024/06/26 11:15 p.m.3 views

CVE-2024-28982

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference...

8.2CVSS5.8AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2024/06/17 7:26 a.m.78 views

BIT-MAGENTO-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS9.9AI score0.99994EPSS
Exploits26References2
OSV
OSV
added 2024/06/13 9:31 a.m.41 views

GHSA-M8CJ-3V68-3CXJ Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS9.9AI score0.99994EPSS
Exploits26References9
Rows per page
Query Builder