214 matches found
EUVD-2021-30851
Malicious code in bioql PyPI...
CVE-2025-11140
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...
CVE-2025-11140 Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...
CVE-2025-11140
The CVE-2025-11140 issue affects Bjskzy Zhiyou ERP up to v11.0, specifically the function openForm in com.artery.richclient.RichClientService. The vulnerability arises from manipulating the argument contentString, enabling an XML External Entity (XXE) reference. It can be exploited remotely, and ...
CVE-2025-11035
A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-10816 Jinher OA XML text xml external entity reference
A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated...
CVE-2025-10092
A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit h...
CVE-2025-10091
A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possibl...
Linux Distros Unpatched Vulnerability : CVE-2014-125087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation...
DELL CloudLink XML External Entity References Improperly Restricted Vulnerability
DELL CloudLink is a data encryption and key management solution from Dell that is targeted at enterprise-level users and supports public, private and hybrid cloud environments. DELL CloudLink suffers from an improperly restricted XML external entity reference vulnerability that can be exploited b...
CVE-2025-26484
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2025-26484
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
PT-2025-33286 · Dell · Dell Cloudlink
Name of the Vulnerable Software and Affected Versions: Dell CloudLink versions 8.0 through 8.1.1 Description: Dell CloudLink contains an Improper Restriction of XML External Entity Reference issue. A high privileged attacker with remote access could potentially exploit this issue, leading to Deni...
CVE-2025-36608
CVE-2025-36608 affects Dell SmartFabric OS10 Software prior to 10.6.0.5. The issue is an improper restriction of XML External Entity references in OS10, enabling a low-privileged, remote attacker to potentially gain unauthorized access. Impact is described as unauthorized access with Network atta...
Adobe Commerce/Magento Open Source Multiple Vulnerabilities (APSB24-40)
The version of Adobe Commerce/Magento Open Source installed on the remote host falls within one of the following ranges 2.4.7 2.4.7-p1 Adobe Commerce / 2.4.6 2.4.6-p6 Adobe Commerce / 2.4.5 2.4.5-p8 Adobe Commerce / 2.4.4 2.4.4-p9 Adobe Commerce / 2.4.3 2.4.3-ext-8 Adobe Commerce / 2.4.2...
CVE-2025-36603
Dell AppSync, versions 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...
CVE-2025-7823
A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the...
PT-2025-30299 · Dell · Dell Appsync
Name of the Vulnerable Software and Affected Versions: Dell AppSync version 4.6.0.0 Description: Dell AppSync version 4.6.0.0 contains an Improper Restriction of XML External Entity Reference issue. A low privileged attacker with local access could potentially exploit this issue, leading to...
CVE-2025-7824
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2025-7824 Jinher OA XmlHttp.aspx xml external entity reference
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...