Lucene search
K

22 matches found

Veracode
Veracode
added 2026/05/16 5:36 a.m.12 views

XML External Entity (XXE) Injection

ome, pom-bio-formats is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.13 views

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/14 8:29 p.m.6 views

GHSA-88GH-2526-GFRR DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.4 views

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

7.1CVSS6.6AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 9:16 p.m.3 views

CVE-2026-22186

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

7.1CVSS5.7AI score
Exploits0References4
CVE
CVE
added 2026/01/07 8:26 p.m.22 views

CVE-2026-22186

Bio-Formats up to 8.3.0 is affected by an XXE flaw in the Leica Microsystems metadata parsing (XLEF). The issue stems from insecure configuration of DocumentBuilderFactory when parsing Leica XML-based metadata, allowing external entity expansion and external DTD loading. Exploitation can trigger ...

7.1CVSS6.2AI score0.00142EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 8:26 p.m.3 views

CVE-2026-22186 Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

Bio-Formats 代码问题漏洞

Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from an XML external entity vulnerability in the Leica...

7.1CVSS6.6AI score0.00142EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-11422

Malware in sbrugna...

6.8CVSS5.5AI score0.00519EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/11/06 3:50 a.m.3 views

SUSE CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

6.5CVSS6.5AI score0.00464EPSS
Exploits1References3
OSV
OSV
added 2024/11/04 11:15 p.m.3 views

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

6.5CVSS6.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.1 views

apache-ivy: XML External Entity vulnerability

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS7.3AI score0.01855EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.6 views

SUSE CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS9AI score0.99939EPSS
Exploits36References3
OSV
OSV
added 2022/04/03 12:0 a.m.3 views

GHSA-6V73-FGF6-W5J7 Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS7.7AI score0.99939EPSS
Exploits36References9
BDU FSTEC
BDU FSTEC
added 2022/03/31 12:0 a.m.6 views

The vulnerability of the Spring module routing mechanism, which facilitates business logic through Spring Cloud Function services, allows attackers to gain unauthorized access to local resources or cause service failures.

The vulnerability of the Spring module routing mechanism for promoting business logic using Spring Cloud Function is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to...

6.4CVSS7.8AI score0.99939EPSS
Exploits36References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/12/14 10:15 p.m.2 views

CVE-2020-0464

In resolvcachelookup of rescache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.6AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2018/05/02 10:29 p.m.3 views

CVE-2018-0247

A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...

4.7CVSS5.8AI score0.00947EPSS
Exploits0References4
exploitpack
exploitpack
added 2003/10/24 12:0 a.m.9 views

Microsoft Internet Explorer 6 - Local Resource Reference

Microsoft Internet Explorer 6 - Local Resource Reference source: https://www.securityfocus.com/bid/8886/info Microsoft Internet Explorer is prone to an issue that may allow for unauthorized access to local resources. Internet Explorer version 6 SP1 imposed restrictions to limit remote sites from...

7.4AI score
Exploits0
Symantec
Symantec
added 2003/02/04 12:0 a.m.26 views

Opera Cross Domain Scripting Vulnerability

Description A vulnerability has been reported reported for Opera 7 browsers for Microsoft Windows operating systems. Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is...

1.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder