CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Cvelist•added 2026/03/31 9:5 p.m.•19 views

CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading

XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...

6.5CVSS0.00285EPSS

Exploits0References4

Vulnrichment•added 2026/03/31 9:5 p.m.•0 views

CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading

6.5CVSS5.7AI score0.00285EPSS

Exploits0References4

OSV•added 2026/03/31 9:5 p.m.•0 views

CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading

6.5CVSS5.7AI score0.00285EPSS

Exploits0References6

CVE•added 2026/03/31 9:5 p.m.•33 views

CVE-2026-34401

XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...

6.5CVSS5.7AI score0.00285EPSS

Exploits0References4Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-7224

Malicious code in bioql PyPI...

9CVSS8.8AI score0.01361EPSS

Exploits2References14

Tenable Nessus•added 2025/08/20 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-27407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...

9CVSS7.5AI score0.01361EPSS

Exploits2References3

RedHat Linux•added 2025/04/01 3:20 p.m.•3 views

graphql-ruby: Remote code execution when loading a crafted GraphQL schema

A flaw was found in graphql-ruby. In affected versions of graphq-ruby, loading a malicious schema definition in the GraphQL::Schema.fromintrospection or the GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

9CVSS6.1AI score0.01361EPSS

Exploits2References13

RedhatCVE•added 2025/03/13 8:33 a.m.•6 views

CVE-2025-27407

8.5CVSS7.2AI score0.01361EPSS

Exploits2References12

NVD•added 2025/03/12 7:15 p.m.•13 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS0.01361EPSS

Exploits2References11

OSV•added 2025/03/12 7:15 p.m.•0 views

UBUNTU-CVE-2025-27407

9CVSS6.1AI score0.01361EPSS

Exploits2References12

OSV•added 2025/03/12 6:15 p.m.•14 views

CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema

9CVSS9.2AI score0.01361EPSS

Exploits2References13

CVE•added 2025/03/12 6:15 p.m.•264 views

CVE-2025-27407

CVE-2025-27407 concerns graphql-ruby: loading a malicious schema via GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can lead to remote code execution. Affected versions are pre-patches: 1.11.5–1.11.7, 1.11.? (and 1.12.24, 1.13.23, 2.0.31, 2.1.13, 2.2.16, 2.3.20). Patches exi...

9CVSS9.4AI score0.01361EPSS

Exploits2References11

Debian CVE•added 2025/03/12 6:15 p.m.•46 views

CVE-2025-27407

9CVSS9.1AI score0.01361EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by