Lucene search
K

158 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-15143

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-15143 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:)

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS0.00255EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-15143

CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.

9.3CVSS6.1AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS0.00424EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42858

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References2
CVE
CVE
added 3 days ago20 views

CVE-2026-15378

The CVE-2026-15378 entry concerns the guardrails-detectors component where a flaw allows remote attackers to perform a blind Server-Side Request Forgery (SSRF) by submitting a crafted XML Schema Definition string. This can lead to unauthorized access to sensitive information (e.g., credentials fr...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transiti...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References3
NVD
NVD
added 5 days ago5 views

CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 3:16 p.m.13 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:30 p.m.30 views

CVE-2026-57234

Nokogiri (Ruby) prior to 1.19.4 has a vulnerability in the JRuby implementation of the NONET option for Nokogiri::XML::Schema, where default options could trigger network fetches for external resources, enabling SSRF or XXE. The issue is tied to the NONET behavior set by default for schema parsin...

2.6CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 2:30 p.m.34 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 10:10 p.m.14 views

Zeep: Server-Side Request Forgery (SSRF)

Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbidexternal option, intended to disable this transitive remote...

6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/19 4:36 p.m.6 views

GHSA-8678-W3JW-XFC2 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Summary The NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potential...

2.6CVSS6AI score0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.5 views

PT-2026-56538

Name of the Vulnerable Software and Affected Versions Zeep versions 4.0.0 through 4.3.2 Description In this Python SOAP client, the Settings.forbid external setting is not enforced during the parsing of WSDL or XSD documents. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References10
OSV
OSV
added 2026/05/06 2:45 p.m.9 views

BIT-JAVA-MIN-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS6.8AI score0.00559EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37837

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS6.8AI score0.00559EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38030

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

9.8CVSS7AI score0.0113EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-38044

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS6.8AI score0.00559EPSS
Exploits1References4
OSV
OSV
added 2026/04/23 11:16 p.m.8 views

ALPINE-CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

7.5CVSS5.7AI score0.00632EPSS
Exploits1References1
Rows per page
Query Builder