Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-59775

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00482EPSS
Exploits0References4
NVD
NVD
added 2025/08/27 10:15 p.m.5 views

CVE-2023-7307

Sangfor Behavior Management System also referred to as DC Management System in Chinese-language documentation contains an XML external entity XXE injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...

8.7CVSS0.00482EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.5 views

Sangfor Behavior Management System 安全漏洞

Sangfor Behavior Management System is a behavior management software from China-based Sangfor. A security vulnerability exists in the Sangfor Behavior Management System that stems from an improperly configured XML parser, which could lead to internal file disclosure or server-side request forgery...

8.7CVSS6.5AI score0.00482EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 1:33 p.m.11 views

CVE-2020-26831

SAP BusinessObjects BI Platform Crystal Report, versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file...

9.6CVSS7AI score0.0107EPSS
Exploits0
OSV
OSV
added 2024/11/15 11:15 a.m.3 views

DEBIAN-CVE-2021-3902

An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...

9.8CVSS8.6AI score0.00924EPSS
Exploits1References1
OSV
OSV
added 2022/04/07 11:15 a.m.4 views

CVE-2021-46417

Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580...

7.5CVSS7.1AI score
Exploits0References3
Prion
Prion
added 2020/12/09 5:15 p.m.22 views

Server side request forgery (ssrf)

SAP BusinessObjects BI Platform Crystal Report, versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file...

5.5CVSS9.2AI score0.0107EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder