11 matches found

NVD
added 2026/05/22 1:16 p.m. · 8 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3 CVSS · 0.00167 EPSS
Exploits 0 · References 2
GitHub Security Blog
added 2026/05/05 12:18 a.m. · 9 views

Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

Summary: Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values ...

9.1 CVSS · 5.9 AI score · 0.00071 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2026/05/05 12:18 a.m. · 1 views

GHSA-Q8QP-CVCW-X6JJ Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

Summary: Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values ...

7.4 CVSS · 5.9 AI score · 0.00071 EPSS
Exploits 1 · References 6
Veracode
added 2025/12/13 4:53 a.m. · 2 views

XML External Entity (XXE) Injection

org.wso2.am:am-distribution-parent is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper configuration of the XML parser without sufficient restrictions, which allows an attacker to supply malicious XML to read sensitive files or trigger denial-of-service...

9.1 CVSS · 5.8 AI score · 0.00134 EPSS
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2025/12/13 4:48 a.m. · 3 views

XML External Entity (XXE) Injection

Jenkins TestComplete support Plugin is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...

9.8 CVSS · 7.3 AI score · 0.01954 EPSS
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-2991

Malicious code in bioql PyPI...

9.8 CVSS · 9.5 AI score · 0.01343 EPSS
Exploits 0 · References 6
OSV
added 2023/04/02 9:15 p.m. · 0 views

CVE-2023-28680

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1
OSV
added 2022/03/29 1:15 p.m. · 2 views

CVE-2022-28155

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.1 CVSS · 7.8 AI score
Exploits 0 · References 2
Snyk
added 2021/12/07 3:29 p.m. · 1 views

XML External Entity (XXE) Injection

Overview: com.twelvemonkeys.imageio:imageio-metadata is an ImageIO metadata module. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are abl...

9.8 CVSS · 7.2 AI score · 0.00298 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/11/12 12:0 a.m. · 3 views

PT-2021-14732 · Jenkins · Jenkins Perforce Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Performance Plugin versions 3.20 and earlier. Description: The issue is related to the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows attackers who can control workspace contents to have Jenkins...

6.5 CVSS · 6.2 AI score · 0.00386 EPSS
Exploits 0 · References 9
CNNVD
added 2021/11/12 12:0 a.m. · 1 views

Jenkins Code Issue Vulnerability

Jenkins is an open source application from Jenkins. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin, which stems from the pom2config plugin version 1.2 and earlier not...

6.5 CVSS · 5.8 AI score · 0.00275 EPSS
Exploits 0 · References 8