Lucene search
7 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux - vulnerability in ruby-nokogiri

Nokogiri is a Rubygem that provides HTML, XML, SAX, and Reader parsers, with support for XPath and CSS selectors. In Nokogiri versions prior to 1.11.0.rc4, there was an XXE vulnerability. XML schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accesse...

CVSS 4.3 · AI score 6.3 · EPSS 0.00259
Exploits 0 · References 2
CVE
added 2026/04/16 8:12 a.m. · 6 views

CVE-2024-2374

The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...

CVSS 9.1 · AI score 5.7 · EPSS 0.00016
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2025/11/24 4:31 a.m. · 4 views

XML External Entity (XXE)

langchain-text-splitters is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

CVSS 7.5 · AI score 7 · EPSS 0.00146
Exploits 0 · References 5 · Affected Software 1
GitHub Security Blog
added 2021/04/30 5:29 p.m. · 44 views

Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...

CVSS 6.5 · AI score 6.7 · EPSS 0.92217
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2021/02/08 12:0 a.m. · 6 views

Redwood Report2Web File Inclusion Vulnerability

Redwood Report2Web is a web platform from Redwood Corporation that provides users with automated report generation capabilities. A file inclusion vulnerability exists in Redwood Report2Web version 4.3.4.5, which originates from a vulnerability that allows remote attackers to present external...

CVSS 5.3 · AI score 6.9 · EPSS 0.00257
Exploits 1 · References 1
Cvelist
added 2020/12/30 12:0 a.m. · 23 views

CVE-2020-26247 XXE in Nokogiri

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 2.6 · AI score 5.8 · EPSS 0.00259
Exploits 0 · References 8
Positive Technologies
added 2019/07/30 12:0 a.m. · 3 views

PT-2019-18668 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 6.8.2; Kibana versions prior to 7.2.1. Description: The issue is related to a server-side request forgery (SSRF) flaw in the graphite integration for the Timelion visualizer. An attacker with administrative access could s...

CVSS 4.9 · AI score 4.7 · EPSS 0.09087
Exploits 1 · References 5