Lucene search
K

1062 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 2:50 p.m.2 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/27 2:50 p.m.28 views

CVE-2026-4980

CVE-2026-4980 concerns Inkscape’s XInclude processing, where a crafted SVG with malicious xi:include tags can cause a local file disclosure. The connected CVE records identify the affected software as Inkscape 1.1 prior to 1.3, and describe the root cause as an improper handling of XML External E...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 2:50 p.m.2 views

CVE-2026-4980 Improper Restriction of XML External Entity Reference in Inkscape

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/03/27 2:50 p.m.3 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.4AI score0.00202EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/27 2:50 p.m.24 views

CVE-2026-4980 Improper Restriction of XML External Entity Reference in Inkscape

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS0.00202EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28702

Name of the Vulnerable Software and Affected Versions Inkscape versions 1.1 through 1.2 Description A local file disclosure issue exists in the XInclude processing component. A remote attacker can read local files by using a specially crafted SVG file that contains malicious xi:include tags...

6.3CVSS5.8AI score0.00202EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.7 views

CVE-2026-33371

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.5 views

CVE-2026-32024

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/26 2:38 a.m.135 views

Exploit for CVE-2026-30039

CVE-2026-30039 Security advisory materials for CVE-2026-3003...

5.9AI score
Exploits1
RedHat Linux
RedHat Linux
added 2026/03/24 9:39 a.m.5 views

Important: Red Hat Security Advisory: ImageMagick security update

An update for ImageMagick is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

8.6CVSS5.8AI score0.00671EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.2 views

RHEL 7 : ImageMagick (RHSA-2026:5573)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5573 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes...

8.6CVSS5.8AI score0.00671EPSS
Exploits0References6
CVE
CVE
added 2026/03/23 10:45 p.m.17 views

CVE-2026-33046

CVE-2026-33046 affects Indico (event management system) where, in versions prior to 3.3.12, TeXLive/LaTeX sanitizer bypass via specially crafted LaTeX snippets could read local files or execute code with server user privileges when server-side LaTeX rendering is enabled (XELATEX_PATH set). If ser...

8.8CVSS5.9AI score0.00782EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/23 12:30 p.m.3 views

GHSA-4G2H-VM7X-747C esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/23 12:30 p.m.10 views

esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:9 a.m.3 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.10 views

PT-2026-27105

Name of the Vulnerable Software and Affected Versions esaml and its forks affected versions not specified Description The software contains a flaw related to XML External Entity XXE processing. An attacker can potentially read local files and include their contents within processed SAML documents...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References8
NVD
NVD
added 2026/03/20 2:16 p.m.7 views

CVE-2026-33371

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...

4.3CVSS0.00234EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 4:8 a.m.5 views

EUVD-2026-13541

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:0 a.m.2 views

CVE-2026-33371

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...

5.8AI score0.00234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26615

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...

5.8AI score0.00234EPSS
Exploits0References6
Rows per page
Query Builder