1066 matches found

OSV
added 2026/01/26 9:31 p.m., 3 views

GHSA-RQFH-9R24-8C9R AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualToCharSequence...

CVSS 8.2, AI score 7, EPSS 0.00542
Exploits 0, References 6

CNNVD
added 2026/01/26 12:00 a.m., 8 views

AssertJ code issue vulnerabilities

AssertJ is an open-source unit testing tool developed by AssertJ. In versions 1.4.0 to 3.27.7 of AssertJ, there were code vulnerabilities. These vulnerabilities stemmed from an XML external entity vulnerability in XmlStringPrettyFormatter, which could allow for the reading of arbitrary local file...

CVSS 9.1, AI score 7.5, EPSS 0.00542
Exploits 0, References 5

Cvelist
added 2026/01/23 4:47 p.m., 32 views

CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

CVSS 6.9, EPSS 0.00258
Exploits 0, References 4

ATTACKERKB
added 2026/01/23 4:47 p.m., 2 views

CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

CVSS 6.9, AI score 5.9, EPSS 0.00258
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/01/23 12:00 a.m., 7 views

PT-2026-4515

Name of the Vulnerable Software and Affected Versions: YetiShare File Hosting Script version 5.1.0. Description: The software contains a server-side request forgery condition that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url...

CVSS 6.9, AI score 5.4, EPSS 0.00258
Exploits 0, References 6

OSV
added 2026/01/22 5:16 p.m., 4 views

CVE-2026-0535

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 8.1, AI score 6.1, EPSS 0.00578
Exploits 0, References 3

NVD
added 2026/01/22 5:16 p.m., 3 views

CVE-2026-0535

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 8.1, EPSS 0.00578
Exploits 0, References 3

OSV
added 2026/01/22 5:16 p.m., 6 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1, AI score 6.1, EPSS 0.0059
Exploits 0, References 3

NVD
added 2026/01/22 5:16 p.m., 7 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1, EPSS 0.0059
Exploits 0, References 3

Cvelist
added 2026/01/22 4:59 p.m., 19 views

CVE-2026-0535 Stored XSS in Electronic Library Component Description

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 8.1, EPSS 0.00578
Exploits 0, References 3

Vulnrichment
added 2026/01/22 4:59 p.m., 4 views

CVE-2026-0535 Stored XSS in Electronic Library Component Description

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 8.1, AI score 5.9, EPSS 0.00578
Exploits 0, References 3

Cvelist
added 2026/01/22 4:59 p.m., 18 views

CVE-2026-0534 Stored XSS in the value of a part attribute

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVSS 8.1, EPSS 0.00469
Exploits 0, References 3

Vulnrichment
added 2026/01/22 4:59 p.m., 4 views

CVE-2026-0534 Stored XSS in the value of a part attribute

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVSS 8.1, AI score 5.9, EPSS 0.00469
Exploits 0, References 3

ATTACKERKB
added 2026/01/22 4:59 p.m., 3 views

CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVSS 8.1, AI score 5.8, EPSS 0.00469
Exploits 0, References 4, Affected Software 1

ATTACKERKB
added 2026/01/22 4:58 p.m., 2 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1, AI score 5.9, EPSS 0.0059
Exploits 0, References 4, Affected Software 1

CVE
added 2026/01/22 4:58 p.m., 22 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

CVSS 8.1, AI score 5.9, EPSS 0.0059
Exploits 0, References 3, Affected Software 1

Positive Technologies
added 2026/01/22 12:00 a.m., 7 views

PT-2026-4203

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 7.1, AI score 5.9, EPSS 0.00578
Exploits 0, References 4

Snyk
added 2026/01/21 1:02 a.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

CVSS 8.8, AI score 5.8, EPSS 0.00522
Exploits 1, References 2

Tenable Nessus
added 2026/01/19 12:00 a.m., 3 views

MiracleLinux 4 : firefox-68.8.0-1.0.1.AXS4 (AXSA:2020-100:11)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-100:11 advisory. Mozilla: Use-after-free during worker shutdown (CVE-2020-12387); Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)...

CVSS 10, AI score 8.5, EPSS 0.05803
Exploits 0, References 5

OSV
added 2026/01/16 8:58 p.m., 3 views

GHSA-VX9W-5CX4-9796 Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

CVSS 9.2, AI score 6.8, EPSS 0.00609
Exploits 0, References 8