277 matches found

RedhatCVE
added 2025/05/23 3:36 a.m. · 10 views

CVE-2023-30951

The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity attack (XXE)...

CVSS 6.5 · AI score 6.9 · EPSS 0.00375
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:21 a.m. · 9 views

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 9.8 · AI score 6.7 · EPSS 0.01215
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:11 a.m. · 4 views

CVE-2023-23595

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...

CVSS 7.5 · AI score 7.5 · EPSS 0.00954
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 1:23 a.m. · 8 views

CVE-2022-43430

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 7.5 · AI score 6.8 · EPSS 0.00712
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 11:31 p.m. · 4 views

CVE-2022-40771

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure...

CVSS 4.9 · AI score 5 · EPSS 0.03456
Exploits: 0 · References: 1
Cvelist
added 2025/05/22 11:0 p.m. · 13 views

CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference

Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...

CVSS 6.9 · EPSS 0.00201
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 10:51 p.m. · 9 views

CVE-2022-30971

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8 · AI score 6.7 · EPSS 0.01123
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 10:38 p.m. · 4 views

CVE-2022-28154

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.1 · AI score 6.7 · EPSS 0.00972
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 10:36 p.m. · 6 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8 · AI score 6.7 · EPSS 0.0109
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:25 p.m. · 5 views

CVE-2021-47621

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks...

CVSS 7.5 · AI score 7.4 · EPSS 0.00556
Exploits: 0
RedhatCVE
added 2025/05/22 7:53 p.m. · 8 views

CVE-2021-35201

NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks...

CVSS 6.5 · AI score 6.9 · EPSS 0.00933
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:43 p.m. · 8 views

CVE-2020-14029

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...

CVSS 7.5 · AI score 6.8 · EPSS 0.01384
Exploits: 1
RedhatCVE
added 2025/05/22 10:23 a.m. · 9 views

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to an XML External Entity attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM)...

CVSS 4.9 · AI score 6.8 · EPSS 0.01227
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 8:59 a.m. · 8 views

CVE-2013-2796

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an...

CVSS 6.9 · AI score 7.3 · EPSS 0.00732
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/22 12:0 a.m. · 7 views

PT-2025-22568 · Lantronix · Lantronix Device Installer

Name of the Vulnerable Software and Affected Versions: Lantronix Device installer (affected versions not specified). Description: The issue concerns XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices...

CVSS 6.9 · AI score 6.4 · EPSS 0.00201
Exploits: 0 · References: 4
Vulnrichment
added 2025/05/21 6:47 a.m. · 10 views

CVE-2025-4949 XXE vulnerability in Eclipse JGit

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command, and the AmazonS3 class used to implement the experimental amazons3 git transport protocol (which allows git pack files to be stored in an Amazon S3 bucket), are vulnerable to XML External Entity (XXE)...

CVSS 6.8 · AI score 7 · EPSS 0.0104
Exploits: 1 · References: 7
Debian CVE
added 2025/05/21 6:47 a.m. · 8 views

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command, and the AmazonS3 class used to implement the experimental amazons3 git transport protocol (which allows git pack files to be stored in an Amazon S3 bucket), are vulnerable to XML External Entity (XXE)...

CVSS 6.8 · AI score 6.5 · EPSS 0.0104
Exploits: 1
BDU FSTEC
added 2025/04/25 12:0 a.m. · 5 views

The vulnerability of the Proself Enterprise/Standard Edition, Proself Gateway Edition, and Proself Mail Sanitize Edition software lies in the improper limitation of XML references to external objects. This allows attackers to carry out XXE attacks.

The vulnerability of Proself Enterprise/Standard Edition, Proself Gateway Edition, and Proself Mail Sanitize Edition software products is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

CVSS 7.8 · AI score 7.8 · EPSS 0.03542
Exploits: 0 · References: 4 · Affected Software: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2020-25649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity X...

CVSS 7.5 · AI score 6.7 · EPSS 0.17611
Exploits: 0 · References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-3572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper...

CVSS 7.5 · AI score 7.3 · EPSS 0.00807
Exploits: 1 · References: 3