Lucene search
K

77 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39593

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00244EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-12993

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.37 views

CVE-2026-12993 Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS0.00249EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52593

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the ContentTypeUtil.isParsableXml function, which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. Th...

8.5CVSS5.8AI score0.00244EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/22 3:47 p.m.6 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the use of SchemaFactory.newInstance and TransformerFactory.newInstance without applying FEATURESECUREPROCESSING. An attacker can access sensitive files or interact with internal systems by submittin...

6.9CVSS5.9AI score0.00338EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 6:27 p.m.8 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a SAXParserFactory without enabling FEATURESECUREPROCESSING or disabling DTD processing. An attacker can access local files...

9.1CVSS5.9AI score0.00515EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:55 p.m.5 views

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 4:55 p.m.8 views

CVE-2026-40682 Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

5.8AI score0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

Apache OpenNLP 代码问题漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of enabling FEATURESECUREPROCESSING or disabling DTD processing during the...

9.1CVSS5.9AI score0.00515EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.5 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-16489

Malware in sbrugna...

9.8CVSS9.3AI score0.02976EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/06/26 4:36 a.m.5 views

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

Popular messaging platform WhatsApp has added a new artificial intelligence AI-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/19 12:0 a.m.5 views

Privacy-Preserving LLM Interaction with Socratic Chain-Of-Thought Reasoning and Homomorphically Encrypted Vector Databases

Large language models LLMs are increasingly used as personal agents, accessing sensitive user data such as calendars, emails, and medical records. Users currently face a trade-off: They can send private records, many of which are stored in remote databases, to powerful but untrusted LLM providers...

6.5AI score
Exploits0
NVD
NVD
added 2025/02/26 8:12 a.m.6 views

CVE-2025-0234

Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver...

5.3CVSS0.00575EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.6 views

PT-2025-6020 · Xml2Rfc · Xml2Rfc

Name of the Vulnerable Software and Affected Versions: xml2rfc versions 3.12.0 through 3.26.0 Description: The issue concerns XML External Entity XXE injection attacks. It was discovered that xml2rfc does not respect the --allow-local-file-access flag when a local file is specified as src in...

6.9CVSS7.4AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/12/05 12:40 p.m.50 views

CVE-2023-49093

A flaw was found in HTMLUnit. Fetching external resources may be possible for XSLT processors with the Feature for Secure Processing disabled FSP, allowing code injection and arbitrary code execution. HTMLUnit is vulnerable to this type of attack by default...

8.8CVSS7.7AI score0.02378EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.9 views

PT-2023-5313 · Eclipse · Eclipse Leshan

Name of the Vulnerable Software and Affected Versions: Eclipse Leshan versions prior to 1.5.0 Eclipse Leshan versions prior to 2.0.0-M13 Description: The issue is related to the incorrect restriction of XML links to external objects, which can allow a remote attacker to perform an XXE attack. Thi...

9.8CVSS9.3AI score0.00568EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.6 views

SUSE CVE-2014-0107

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...

7.5CVSS7.1AI score0.13809EPSS
Exploits2References4
Rows per page
Query Builder