1062 matches found
CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-4980
CVE-2026-4980 concerns Inkscape’s XInclude processing, where a crafted SVG with malicious xi:include tags can cause a local file disclosure. The connected CVE records identify the affected software as Inkscape 1.1 prior to 1.3, and describe the root cause as an improper handling of XML External E...
CVE-2026-4980 Improper Restriction of XML External Entity Reference in Inkscape
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-4980 Improper Restriction of XML External Entity Reference in Inkscape
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
PT-2026-28702
Name of the Vulnerable Software and Affected Versions Inkscape versions 1.1 through 1.2 Description A local file disclosure issue exists in the XInclude processing component. A remote attacker can read local files by using a specially crafted SVG file that contains malicious xi:include tags...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
CVE-2026-32024
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
Exploit for CVE-2026-30039
CVE-2026-30039 Security advisory materials for CVE-2026-3003...
Important: Red Hat Security Advisory: ImageMagick security update
An update for ImageMagick is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
RHEL 7 : ImageMagick (RHSA-2026:5573)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5573 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes...
CVE-2026-33046
CVE-2026-33046 affects Indico (event management system) where, in versions prior to 3.3.12, TeXLive/LaTeX sanitizer bypass via specially crafted LaTeX snippets could read local files or execute code with server user privileges when server-side LaTeX rendering is enabled (XELATEX_PATH set). If ser...
GHSA-4G2H-VM7X-747C esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
CVE-2026-28809
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
PT-2026-27105
Name of the Vulnerable Software and Affected Versions esaml and its forks affected versions not specified Description The software contains a flaw related to XML External Entity XXE processing. An attacker can potentially read local files and include their contents within processed SAML documents...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
EUVD-2026-13541
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
PT-2026-26615
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...