44 matches found
CVE-2026-34510
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets treated as local content, bypassing access restrictio...
CVE-2026-21569
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
CVE-2026-21569
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
CVE-2026-21569
This CVE affects Crowd Data Center and Server (Atlassian) starting from version 7.1.0, with a high-severity XXE (XML External Entity Injection) vulnerability. The issue allows an authenticated attacker to access local and remote content, with high impact to confidentiality and availability, and l...
XXE (XML External Entity Injection) org.apache.jackrabbit:jackrabbit-spi-commons Dependency in Confluence Data Center and Server
This High severity XXE XML External Entity Injection vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...
XXE (XML External Entity Injection) in Jira Service Management Data Center and Server
This High severity XXE XML External Entity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, and 11.1.0 of Jira Service Management Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.4 and a CVSS Vector of...
XXE (XML External Entity Injection) in Jira Service Management Data Center and Server
This High severity XXE XML External Entity Injection vulnerability was introduced in version 11.2.0 of Jira Service Management Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2017-7375)
A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher- risk attack surface in libxml2 not...
EUVD-2016-6242
Malware in sbrugna...
EUVD-2007-4676
Malware in sbrugna...
Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987461)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987461 advisory. A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. AddType and...
Linux Distros Unpatched Vulnerability : CVE-2017-15691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prio...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType bsc1227271. CVE-2024-39884: Fixed source code disclosure of local content bsc1227353...
SUSE CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PH...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2024-40725: Fixed source code disclosure of local content bsc1228097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2024-40725: Fixed source code disclosure of local content bsc1228097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2024-40725: Fixed source code disclosure of local content bsc1228097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...
K000140579: Apache vulnerability CVE-2024-39884
Security Advisory Description A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of...
AZL-43427 CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause source code...