Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

60 matches found

Nuclei
Nucleiadded 2 days ago14 views

RWS WorldServer - Authentication Bypass

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. id: CVE-2022-34267 info: name: RWS...

9.8CVSS7.4AI score0.78809EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-42174

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.04162EPSS
Exploits4References3
RedhatCVE
RedhatCVEadded 2025/05/23 6:40 a.m.5 views

CVE-2024-50848

An XML External Entity XXE vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file...

6.5CVSS7.3AI score0.07852EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 6:40 a.m.3 views

CVE-2024-50849

A Stored Cross-Site Scripting XSS vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code...

4.8CVSS5.5AI score0.00712EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 2:21 a.m.3 views

CVE-2023-38357

Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions...

5.3CVSS6.7AI score0.04162EPSS
Exploits4References1
RedhatCVE
RedhatCVEadded 2025/05/23 12:56 a.m.3 views

CVE-2022-34268

An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host...

9.8CVSS7.2AI score0.0016EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/23 12:56 a.m.3 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

8.8CVSS7.3AI score0.03333EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/23 12:56 a.m.5 views

CVE-2022-34270

An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager...

9.8CVSS6.9AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:54 p.m.3 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

9.8CVSS7.2AI score0.78809EPSS
Exploits1References1
NVD
NVDadded 2024/11/18 9:15 p.m.15 views

CVE-2024-50848

An XML External Entity XXE vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file...

6.5CVSS0.07852EPSS
Exploits0References3
OSV
OSVadded 2024/11/18 9:15 p.m.1 views

CVE-2024-50848

An XML External Entity XXE vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file...

6.5CVSS6AI score0.07852EPSS
Exploits0References3
OSV
OSVadded 2024/11/18 9:15 p.m.0 views

CVE-2024-50849

A Stored Cross-Site Scripting XSS vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code...

4.8CVSS6AI score0.00712EPSS
Exploits0References3
CVE
CVEadded 2024/11/18 12:0 a.m.56 views

CVE-2024-50848

CVE-2024-50848 : Multiple sources confirm an XML External Entity (XXE) vulnerability in the WorldServer v11.8.2 Import object and Translation Memory import features, exploitable by supplying a crafted .tmx file. Affected component: WorldServer 11.8.2; root cause: XXE allowing access to sensitive ...

6.5CVSS7.3AI score0.07852EPSS
Exploits0References3Affected Software1
CNNVD
CNNVDadded 2024/11/18 12:0 a.m.1 views

RWS Trados WorldServer 安全漏洞

RWS Trados WorldServer is a flexible, enterprise-class translation management system from RWS. A security vulnerability exists in RWS Trados WorldServer version v11.8.2 that stems from the presence of a cross-site scripting XSS vulnerability that could allow a remote, authenticated attacker to...

4.8CVSS6AI score0.00712EPSS
Exploits0References3
CNNVD
CNNVDadded 2024/11/18 12:0 a.m.2 views

RWS WorldServer 安全漏洞

RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer version v11.8.2, which stems from the presence of an XML External Entity XXE vulnerability that allows an attacker to access sensitive information and...

6.5CVSS7.1AI score0.07852EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/11/18 12:0 a.m.17 views

CVE-2024-50848

An XML External Entity XXE vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file...

0.07852EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2024/11/15 12:0 a.m.3 views

PT-2024-34444 · Unknown · Worldserver

Name of the Vulnerable Software and Affected Versions: WorldServer version 11.8.2 Description: A Stored Cross-Site Scripting XSS issue in the "Rules" functionality allows a remote authenticated attacker to execute arbitrary JavaScript code. Recommendations: For WorldServer version 11.8.2, at the...

4.8CVSS5.9AI score0.00712EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2024/02/29 1:35 a.m.1 views

CVE-2022-34270

An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager...

9.8CVSS5.9AI score0.00208EPSS
Exploits1References3
NVD
NVDadded 2024/02/29 1:35 a.m.7 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

8.8CVSS7AI score0.03333EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2024/02/29 1:35 a.m.0 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

8.8CVSS6.1AI score0.03333EPSS
Exploits1References3
Rows per page
Query Builder