Lucene search
K

53514 matches found

Nuclei
Nuclei
added 14 hours ago11 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS7.2AI score0.08085EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago31 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7.1AI score0.32916EPSS
Exploits3
Nuclei
Nuclei
added 14 hours ago15 views

Episerver 7 - Blind XML External Entity Injection

Episerver 7 patch 4 and earlier contains an XML external entity XXE caused by processing crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files, exploit requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...

7.5CVSS7.3AI score0.04648EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago117 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

9.8CVSS7.6AI score0.39554EPSS
Exploits2References1
Nuclei
Nuclei
added 14 hours ago43 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.2AI score0.05879EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago34 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

5.7CVSS6AI score0.01877EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago30 views

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

6.1CVSS7AI score0.02205EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago89 views

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

7.5CVSS7.3AI score0.51653EPSS
Exploits5References5
Nuclei
Nuclei
added 14 hours ago139 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

7.2CVSS7.1AI score0.05238EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago18 views

Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...

7.5CVSS7AI score0.09803EPSS
Exploits4References2
Nuclei
Nuclei
added 14 hours ago19 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS5.6AI score0.02016EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago12 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7.3AI score0.03948EPSS
Exploits6References3
Nuclei
Nuclei
added 14 hours ago23 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS6.2AI score0.03395EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago15 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS5.8AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added 14 hours ago18 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2775 info: name: SysAid On-Prem = 23.3.40 - XML External Entity...

9.3CVSS7.6AI score0.55177EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago92 views

Citrix StoreFront - Cross-Site Scripting

Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...

7.2CVSS6.5AI score0.73142EPSS
Exploits0References4
EUVD
EUVD
added 17 hours ago7 views

EUVD-2026-40447

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory an...

1.9CVSS5.8AI score
Exploits0References4
EUVD
EUVD
added 17 hours ago3 views

EUVD-2026-40688

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score
Exploits0References3
EUVD
EUVD
added 17 hours ago3 views

EUVD-2026-40642

Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-56364

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory an...

1.9CVSS
Exploits0References3
Rows per page
Query Builder