
4 matches found

Nuclei
added 11 hours ago, 18 views

Qwik - Unauthenticated RCE via server$ Deserialization

Qwik =1.19.0 contains an insecure deserialization vulnerability in the server$ RPC mechanism, letting unauthenticated attackers execute arbitrary code remotely, exploit requires require availability at runtime. id: CVE-2026-27971 info: name: Qwik - Unauthenticated RCE via server$ Deserialization...

CVSS 9.8, AI score 6.3, EPSS 0.04632
Exploits: 0, References: 2

Snyk
added 2026/02/18 9:57 p.m., 3 views

Unchecked Return Value

Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Unchecked Return Value from xmlC14NExecute, used in the canonicalize methods. These return an empty string rather than an error code for invalid and incomplete XML inputs...

CVSS 9.3, AI score 5.6, EPSS 0.00207
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-11796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which,...

CVSS 7.5, AI score 6.7, EPSS 0.09635
Exploits: 0, References: 2

OSV
added 2018/10/09 10:29 p.m., 4 views

UBUNTU-CVE-2018-11796

In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after...

CVSS 7.5, AI score 7.1, EPSS 0.06883
Exploits: 0, References: 3