Lucene search
K

279 matches found

OSV
OSV
added 2024/11/18 7:48 p.m.12 views

CVE-2024-48917 XXE in PHPSpreadsheet's XLSX reader

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS6.7AI score0.00718EPSS
Exploits1References5
NVD
NVD
added 2024/11/18 5:15 p.m.42 views

CVE-2024-47873

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS0.0076EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/18 5:3 p.m.31 views

CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS7.2AI score0.0076EPSS
Exploits1References4
OSV
OSV
added 2024/11/18 5:3 p.m.19 views

CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS6.6AI score0.0076EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.3 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleanup program and implement an XML external entity attack...

7.5CVSS6.8AI score0.0076EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.5 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleaner and implement an XML external entity attack...

7.5CVSS6.9AI score0.00718EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.4 views

PT-2024-31744

Name of the Vulnerable Software and Affected Versions: TopQuadrant TopBraid EDG versions prior to 8.0.1 Description: The issue allows an authenticated attacker to upload an XML DTD file and execute JavaScript, enabling them to read local files or access URLs, which is an example of an XML Externa...

5CVSS6.5AI score0.00278EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.4 views

ClassGraph Security Vulnerability

ClassGraph is a super-fast parallel class path scanner and module scanner from the ClassGraph open source. A security vulnerability exists in ClassGraph versions prior to 4.8.112 that stems from an inability to defend against XML External Entity XXE attacks...

7.5CVSS6.8AI score0.00556EPSS
Exploits0References5
OSV
OSV
added 2024/04/16 12:15 a.m.4 views

DEBIAN-CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

7.5CVSS7.5AI score0.00807EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.9 views

PT-2024-18059

Name of the Vulnerable Software and Affected Versions LangChain affected versions not specified Description The issue concerns the XMLOutputParser in LangChain, which utilizes the etree module from the XML parser in the standard Python library. This library has some XML vulnerabilities, making it...

5.9CVSS6.2AI score0.0077EPSS
Exploits1References17
SUSE CVE
SUSE CVE
added 2024/03/09 3:55 a.m.3 views

SUSE CVE-2024-23525

The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the noxxe option of XML::Twig...

6.5CVSS7AI score0.00776EPSS
Exploits1References2
NCSC
NCSC
added 2024/02/09 12:0 a.m.4 views

Vulnerability fixed in Ivanti Connect Secure and Policy Secure Gateways

Ivanti has fixed a vulnerability in Ivanti Connect Secure, Policy Secure and ZTA gateway. The vulnerability allows a malicious party to use an XML External Entity attack to gain access to system resources without having the required authentication. The vulnerability was discovered during the...

8.3CVSS7.1AI score0.94721EPSS
Exploits1
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.5 views

Magic xpi Integration Platform Security Vulnerability

Magic xpi Integration Platform is an integration platform from Magic designed to simplify integration between enterprise applications and systems. A security vulnerability exists in Magic xpi Integration Platform version 4.13.4. An attacker exploited the vulnerability to perform an xml external...

6.5CVSS6.8AI score0.00379EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/17 12:0 a.m.5 views

Spreadsheet::ParseXLSX Security Vulnerability

Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX versions prior to 0.30 that stems from allowing XML External Entity References XXE attacks...

6.5CVSS6.9AI score0.00776EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/11/29 12:0 a.m.7 views

PT-2023-31281 · Jenkins · Jenkins Matlab Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MATLAB Plugin versions 2.11.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. The plugin determines whether a...

8.8CVSS8.7AI score0.00396EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/02 3:36 a.m.4 views

Improper restriction of XML external entity references (XXE) in FD Application

Overview FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/09/01 11:15 a.m.4 views

CVE-2023-40239

Certain Lexmark devices such as CS310 before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80..P246, i.e., '' indicates that the full version specification varies across product model family, but firmware level P246 or higher is required to...

7.5CVSS5.8AI score0.00451EPSS
Exploits0References2
OSV
OSV
added 2023/08/03 10:15 p.m.5 views

CVE-2023-37497

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks XXE against the backend service...

8.8CVSS5.9AI score0.00443EPSS
Exploits0References1
NVD
NVD
added 2023/08/03 10:15 p.m.24 views

CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...

6.5CVSS6.3AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/03 9:7 p.m.8 views

CVE-2023-30951 CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...

6.3CVSS6.9AI score0.00375EPSS
Exploits0References1
Rows per page
Query Builder