34 matches found

RedhatCVE
added 2026/05/18 1:57 a.m. · 6 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

CVSS 8.7 · AI score 6 · EPSS 0.00019
Exploits 2 · References 1

NVD
added 2026/04/30 7:16 a.m. · 2 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

CVSS 8.7 · EPSS 0.00019
Exploits 2 · References 3

Vulnrichment
added 2026/04/30 7:10 a.m. · 3 views

CVE-2024-39847 Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

CVSS 8.7 · AI score 5.5 · EPSS 0.00019
Exploits 2 · References 2

CVE
added 2026/04/30 7:10 a.m. · 7 views

CVE-2024-39847

CVE-2024-39847 describes an XXE-like weakness in the XML parser of the 4D Server SOAP endpoints. Unauthenticated attackers can read files on the application server and adjacent network shares, and can issue HTTP GET requests to arbitrary services. The connected documents confirm the vulnerability...

CVSS 8.7 · AI score 5.5 · EPSS 0.00019
Exploits 2 · References 3 · Affected Software 1

ATTACKERKB
added 2026/04/30 7:10 a.m. · 0 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

CVSS 8.7 · AI score 5.5 · EPSS 0.00019
Exploits 2 · References 3

CNNVD
added 2026/04/30 12:0 a.m. · 4 views

4D Server Code Issue Vulnerability

4D Server is a database server platform developed by the French company 4D. There are code vulnerabilities in 4D Server. These vulnerabilities stem from weaknesses in the XML parser function of the SOAP endpoint, allowing unauthenticated attackers to gain read access to files on the application...

CVSS 8.7 · AI score 6.1 · EPSS 0.00019
Exploits 2 · References 2

Positive Technologies
added 2026/04/30 12:0 a.m. · 2 views

PT-2026-36079

Name of the Vulnerable Software and Affected Versions: 4D server affected versions not specified Description: Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints. This allows for read access to files on the application server and adjacent network...

CVSS 8.7 · AI score 6 · EPSS 0.00019
Exploits 2 · References 9

vulnersOsv
added 2026/02/09 8:53 p.m. · 4 views

0xgasless-mcp (>=1.0.3 <=1.0.5), 4d-vector-search (>=1.0.0 <=1.0.1) +2211 more potentially affected by CVE-2026-25528 via langsmith (>=0.3.7 <=0.4.12)

langsmith NPM version =0.3.7, =1.0.3, =1.0.0, =1.11.0, =0.0.5, =0.0.1, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.6, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-25528 Source advisory: SNYK:JS-LANGSMITH-15253025...

CVSS 5.8 · AI score 7.2 · EPSS 0.00014
Exploits 0

IBM Security Bulletins
added 2025/12/15 3:39 p.m. · 10 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary: Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.2.2. Vulnerability Details: CVEID: CVE-2025-29087 DESCRIPTION: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated...

CVSS 8.2 · AI score 7.1 · EPSS 0.07815
Exploits 1 · Affected Software 1

OSV
added 2024/05/03 3:15 a.m. · 1 views

CVE-2023-40489

Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 · AI score 6.2
Exploits 0 · References 1

OSV
added 2024/05/03 3:15 a.m. · 0 views

CVE-2023-40491

Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 · AI score 6.2
Exploits 0 · References 1

Positive Technologies
added 2024/02/21 12:0 a.m. · 2 views

PT-2024-20936 · Maxon · Maxon Cinema 4D

Name of the Vulnerable Software and Affected Versions: MAXON CINEMA 4D version R2024.2.0 Description: An issue in MAXON CINEMA 4D allows a local attacker to execute arbitrary code via a crafted c4d base.xdl64 file. Recommendations: For MAXON CINEMA 4D version R2024.2.0, consider removing or...

CVSS 7 · AI score 7.7 · EPSS 0.00336
Exploits 0 · References 6

OSV
added 2023/11/30 2:15 p.m. · 0 views

CVE-2023-4770

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution...

CVSS 7.8 · AI score 5.9
Exploits 0 · References 1

CNNVD
added 2023/11/30 12:0 a.m. · 3 views

4D Windows Server Code Issue Vulnerability

4D Windows Server is a family of applications from 4D USA. A code issue vulnerability exists in 4D Windows Server that originates from a DLL hijacking that can lead to arbitrary code execution by replacing shfolder.dll in the installation path...

CVSS 7.8 · AI score 7.7 · EPSS 0.00423
Exploits 0 · References 1

Positive Technologies
added 2023/11/09 12:0 a.m. · 2 views

PT-2023-30574 · 4D · 4D

Name of the Vulnerable Software and Affected Versions: 4D versions 19 R8 100218 Description: An uncontrolled search path element vulnerability has been found in 4D and 4D server Windows executables applications. This vulnerability consists of a DLL hijacking by replacing x64 shfolder.dll in the...

CVSS 7.8 · AI score 7.7 · EPSS 0.00423
Exploits 0 · References 7

Positive Technologies
added 2023/08/24 12:0 a.m. · 1 views

PT-2023-5506 · Maxon · Maxon Cinema 4D

Name of the Vulnerable Software and Affected Versions: Maxon Cinema 4D affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. It requires user interaction, where the target must visit a malicious page...

CVSS 7.8 · AI score 7.2 · EPSS 0.00308
Exploits 0 · References 7

Positive Technologies
added 2023/08/24 12:0 a.m. · 1 views

PT-2023-27467 · Maxon · Maxon Cinema 4D

Name of the Vulnerable Software and Affected Versions: Maxon Cinema 4D affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required, where the target must visit a malicious page...

CVSS 7.8 · AI score 7.2 · EPSS 0.00453
Exploits 0 · References 4

OSV
added 2023/06/16 5:15 p.m. · 0 views

CVE-2023-30223

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 3

ATTACKERKB
added 2023/06/16 5:15 p.m. · 0 views

CVE-2023-30223

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions...

CVSS 7.5 · AI score 7.2 · EPSS 0.00036
Exploits 1 · References 4

ATTACKERKB
added 2023/06/16 5:15 p.m. · 1 views

CVE-2023-30222

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping...

CVSS 7.5 · AI score 7.1 · EPSS 0.00401
Exploits 1 · References 4