Lucene search
K

14 matches found

OSV
OSV
added 2025/12/24 8:15 p.m.4 views

CVE-2019-25253

KYOCERA Net Admin 3.4.0906 contains an XML External Entity XXE injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuratio...

7.1CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14954

Malware in sbrugna...

9.8CVSS9.5AI score0.01908EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2021-31310

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01052EPSS
Exploits0References1
OSV
OSV
added 2022/03/25 7:15 p.m.5 views

CVE-2021-44477

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...

7.5CVSS5.9AI score0.01052EPSS
Exploits0References1
Prion
Prion
added 2022/03/25 7:15 p.m.20 views

Xxe

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...

5CVSS7.6AI score0.01052EPSS
Exploits0References1Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/02/15 3:16 p.m.293 views

How InsightAppSec Detects Log4Shell: Your Questions Answered

If you’re reading this, that means you survived the year 2021, so congratulations! For everyone in the software industry, and especially those in cybersecurity, the past 12 months probably felt like 12 rounds in the ring. Remember the Solarwinds attack and the resulting scramble to mitigate suppl...

9.3CVSS0.4AI score0.99999EPSS
Exploits351
Prion
Prion
added 2021/02/11 6:15 p.m.13 views

Xxe

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...

5CVSS7.5AI score0.01594EPSS
Exploits1References2Affected Software1
Zero Science Lab
Zero Science Lab
added 2018/09/05 12:0 a.m.651 views

NovaRad NovaPACS Diagnostics Viewer v8.5 OOB XXE File Disclosure

Summary NovaPACS revolutionary workflow infrastructure has been designed and developed using the expertise of radiology directors, technicians, PACS administrators for over 20 years. This wealth of imaging experience has lead to over 850 installations in more than 15 countries as well as key...

9.8CVSS5.8AI score0.00371EPSS
Exploits1
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.42 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

9.8CVSS9.6AI score0.20185EPSS
Exploits5
Prion
Prion
added 2018/07/03 2:29 p.m.21 views

Xxe

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

5CVSS7.4AI score0.0156EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/03 2:0 p.m.19 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

7.5AI score0.0156EPSS
Exploits0References1
seebug.org
seebug.org
added 2017/12/11 12:0 a.m.31 views

Cimetrics BACnet Explorer 4.0 XXE Vulnerability

Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2017/02/12 12:0 a.m.12 views

Cimetrics BACnet Explorer 4.0 - XML External Entity Injection

Cimetrics BACnet Explorer 4.0 - XML External Entity Injection Cimetrics BACnet Explorer 4.0 XXE Vulnerability Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 4.0.0.0 Summary: The BACnet Explorer is a BACnet client application that helps auto discover BACnet...

0.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/12 12:0 a.m.118 views

Cimetrics BACnet Explorer 4.0 XXE Vulnerability

Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...

5.9AI score
Exploits0
Rows per page
Query Builder