Lucene search
K

1064 matches found

Atlassian
Atlassian
added 2026/05/06 4:29 p.m.26 views

File Inclusion in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in version 11.3.3 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N allows an unauthenticated attacker to get...

8.2CVSS6.8AI score0.00253EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.5 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-41066)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-41066 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/05 7:32 p.m.8 views

XML External Entity (XXE) Injection

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection insecure XML parsing of user-supplied .zip files containing manifest.xml in the Admin Import DB. An attacker...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 6:27 p.m.8 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a SAXParserFactory without enabling FEATURESECUREPROCESSING or disabling DTD processing. An attacker can access local files...

9.1CVSS5.9AI score0.00515EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 1:16 p.m.3 views

DEBIAN-CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS5.8AI score0.00654EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.15 views

Apache 2.4.x < 2.4.67 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.67. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.67 advisory. - Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP...

9.8CVSS6AI score0.4581EPSS
Exploits18References11
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:29 p.m.2 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/30 11:5 a.m.5 views

EUVD-2026-26368

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/30 2:25 a.m.7 views

SUSE CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

5.9CVSS5.3AI score0.00324EPSS
Exploits1References8
Snyk
Snyk
added 2026/04/29 10:26 p.m.12 views

Server-side Request Forgery (SSRF)

Overview i18next-http-middleware is an i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the lng and ns parameters used by...

8.8CVSS6AI score0.00387EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References4
OSV
OSV
added 2026/04/25 5:48 a.m.7 views

OESA-2026-2012 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.4AI score0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:48 a.m.8 views

OESA-2026-2011 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.4AI score0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:48 a.m.7 views

OESA-2026-2010 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.4AI score0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:48 a.m.18 views

OESA-2026-2009 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.3AI score0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:48 a.m.4 views

OESA-2026-2008 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.4AI score0.00324EPSS
Exploits1References2
NVD
NVD
added 2026/04/24 5:16 p.m.4 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/04/24 5:16 p.m.6 views

PYSEC-2026-87

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References2
PyPA
PyPA
added 2026/04/24 5:16 p.m.19 views

PYSEC-2026-87

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/24 5:16 p.m.5 views

ALPINE-CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.4AI score0.00324EPSS
Exploits1References1
Rows per page
Query Builder