Lucene search
K

301 matches found

CNNVD
CNNVD
added 2025/01/13 12:0 a.m.4 views

Venki Supravizio BPM 安全漏洞

Venki Supravizio BPM is a process management solution from Venki Brazil. A security vulnerability exists in Venki Supravizio BPM version 18.0.1 and prior versions, which stems from the presence of an NTLM hash leak that allows an authenticated attacker to elevate privileges on the underlying host...

8.4CVSS6.6AI score0.00469EPSS
Exploits0References3
Veracode
Veracode
added 2024/12/26 9:31 a.m.11 views

XML External Entity (XXE) Injection

org.fhir, ucum is vulnerable to XML External Entity XXE Injection. The vulnerability is due to XML parsing performed by the UcumEssenceService, which allows a malicious DTD tag in the XML to inject data from the host system...

8.6CVSS6.5AI score0.0055EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/12/17 10:44 a.m.12 views

Arbitrary File Read

github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Read. The vulnerability is due to lack of proper validation on the path parameter in the /api/template/render endpoint, allows attackers to manipulate the path and access sensitive files on the host system...

8.7CVSS6.5AI score0.00731EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/13 8:35 p.m.14 views

Ucum-java has an XXE vulnerability in XML parsing

Impact XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can...

8.6CVSS6.7AI score0.0055EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/12/11 6:44 p.m.8 views

GHSA-XX68-37V4-4596 SiYuan has an arbitrary file read via /api/template/render

Summary An arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Impact Arbitrary file read on the host...

8.7CVSS6.1AI score0.00731EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/21 4:53 p.m.66 views

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

7.5CVSS0.02273EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.3 views

Siemens SINEC NMS 安全漏洞

SINEC NMS is a new generation network management system for digital enterprises. The system enables centralized monitoring, management and configuration of the network. A privilege assignment error vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to write arbitrary...

8.4CVSS7AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/08 10:28 p.m.21 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS0.00918EPSS
Exploits0References6
CVE
CVE
added 2024/11/08 10:28 p.m.69 views

CVE-2024-52007

CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.21 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.16 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/08 12:0 a.m.20 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.7 views

The vulnerability of the 9pfs Passthrough Filesystem emulator for hardware devices in QEMU allows a hacker to gain increased privileges within the system on the host.

The vulnerability of the 9pfs Passthrough Filesystem emulation software for hardware devices in QEMU is related to improper storage of permissions. Exploiting this vulnerability allows an attacker to enhance their privileges within the system on the host...

7.8CVSS6.1AI score0.00223EPSS
Exploits0References6Affected Software4
NVD
NVD
added 2024/10/17 7:15 p.m.21 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5CVSS0.00612EPSS
Exploits1References1
Veracode
Veracode
added 2024/09/09 7:27 a.m.5 views

XML Entity Expansion (XXE)

The HL7 FHIR Core is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XSLT transforms in various components, allowing a malicious XML file with a DTD tag to expose host system data...

8.6CVSS6.9AI score0.00975EPSS
Exploits0References7Affected Software6
RedhatCVE
RedhatCVE
added 2024/09/06 7:14 p.m.26 views

CVE-2024-45294

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS6.4AI score0.00975EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/06 3:46 p.m.18 views

CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms

The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities including validator, for the Fast Healthcare Interoperability Resources FHIR specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...

8.6CVSS7AI score0.00975EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/06 12:0 a.m.27 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/06 12:0 a.m.39 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/06 12:0 a.m.41 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
Rows per page
Query Builder