Lucene search
K

824 matches found

NVD
NVD
added 2025/07/16 10:15 p.m.10 views

CVE-2025-34132

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...

9.3CVSS0.01761EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/16 9:26 p.m.9 views

CVE-2025-34132 LILIN DVR Command Injection via NTPUpdate in dvr_box

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...

9.3CVSS0.01761EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/10 1:30 a.m.7 views

CVE-2025-42966

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability ...

9.1CVSS7.1AI score0.00696EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 12:36 a.m.32 views

CVE-2025-42966

CVE-2025-42966 affects SAP NetWeaver XML Data Archiving Service. The vulnerability is an insecure Java deserialization flaw exploitable by an authenticated attacker with administrative privileges via a crafted serialized Java object. This can impact confidentiality, integrity, and availability of...

9.1CVSS6.4AI score0.00696EPSS
Exploits0References2
NVD
NVD
added 2025/05/30 8:15 p.m.10 views

CVE-2025-48882

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

8.7CVSS0.00417EPSS
Exploits0References2
OSV
OSV
added 2025/05/30 7:43 p.m.7 views

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

8.7CVSS6.6AI score0.00417EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:52 p.m.6 views

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

7.5CVSS7AI score0.01181EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:49 p.m.10 views

CVE-2022-27669

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges...

7.5CVSS7.3AI score0.00962EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.14 views

CVE-2021-32925

admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...

6.5CVSS6.8AI score0.01922EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.8 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

8.8CVSS7.2AI score0.00514EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:8 p.m.8 views

CVE-2020-7480

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

9.8CVSS7AI score0.01498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:28 a.m.6 views

CVE-2015-20067

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress...

7.5CVSS6.9AI score0.08185EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.7 views

CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

9.8CVSS6.9AI score0.01285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:16 a.m.12 views

CVE-2019-4391

HCL AppScan Standard is vulnerable to XML External Entity Injection XXE attack when processing XML data...

8.2CVSS7.3AI score0.01231EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/08 5:57 p.m.20 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypass signature validation in XML data [CVE-2025-29774] [CVE-2025-29775]

Summary Node.js module xml-crypto is used by IBM App Connect Enterprise Certified Container for handling XML data. IBM App Connect Enterprise Certified Container operands are vulnerable to signature validation bypass. This bulletin provides patch information to address the reported vulnerability ...

9.3CVSS7AI score0.09378EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/30 12:17 a.m.23 views

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References6
OSV
OSV
added 2025/04/28 4:15 p.m.4 views

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

9.8CVSS5.8AI score0.00405EPSS
Exploits0References4
NVD
NVD
added 2025/04/28 4:15 p.m.16 views

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

9.8CVSS0.00405EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/28 12:0 a.m.9 views

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

3.5CVSS4.1AI score0.00405EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.4 views

PT-2025-18085 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue concerns a data-source protection mechanism bypass during the deserialization of XML data. This means that the normal protections in place to safeguard data sources can be circumvente...

9.8CVSS6.4AI score0.00405EPSS
Exploits0References9
Rows per page
Query Builder