Lucene search
K

356 matches found

CVE
CVE
added 4 days ago32 views

CVE-2026-55471

CVE-2026-55471 concerns HAPI FHIR’s XsltUtilities.sax(on)Transform overloads, which historically instantiate a bare net.sf.saxon.TransformerFactoryImpl() without external-access restrictions. This enables XML External Entity (XXE) processing, allowing local file disclosure and blind XXE/SSRF when...

8.7CVSS6AI score0.00309EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-55471 HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS6AI score0.00309EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/06/20 11:25 a.m.5 views

XML External Entity (XXE) Injection

org.hl7.fhir.utilities is vulnerable to XML External Entity XXE Injection. The vulnerability is due to the saxonTransform... methods instantiating an unprotected TransformerFactory without restricting external DTDs and stylesheets, which allows an attacker to supply a malicious XML document that...

8.7CVSS6AI score0.00309EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/19 9:15 p.m.5 views

Arbitrary Code Injection

Overview @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Arbitrary Code Injection through the addVariablesToCode/makeFieldsWithInternalCode process in...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:47 p.m.11 views

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

Summary org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESSEXTERNALDTD="" and...

8.7CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/17 6:47 p.m.5 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...

8.9CVSS6.1AI score0.00309EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50600

Name of the Vulnerable Software and Affected Versions org.hl7.fhir.utilities versions 6.9.8 and earlier Description The org.hl7.fhir.utilities library contains an XML External Entity XXE injection flaw. The saxonTransform function overloads instantiate a bare net.sf.saxon.TransformerFactoryImpl...

9.2CVSS6AI score0.00309EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.8 views

CVE-2026-6614

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

6.5CVSS6AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6585

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function updateorganisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

5.5CVSS5.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.13 views

CVE-2025-3633

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

8.2CVSS5.4AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6582

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function getvectordbdetails of the file superagi/controllers/vectordbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8318

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

6.9CVSS5.5AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40901

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...

9CVSS6.3AI score0.0063EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 10:43 a.m.5 views

MINI-XFMR-JR6X-H33M

Bulletin has no description...

5.4CVSS5.2AI score0.00297EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.11 views

The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals

Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.14 views

CVE-2025-36126

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

7.6CVSS5.8AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.13 views

EUVD-2025-209974

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

5.4CVSS5.8AI score0.0031EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.12 views

CVE-2025-3633

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

8.2CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 12:17 p.m.10 views

CVE-2025-3633 IBM Cognos Analytics is affected by multiple security vulnerabilities

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

5.4CVSS5.8AI score0.0031EPSS
Exploits0References1
Rows per page
Query Builder