Lucene search
+L

2735 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2431 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...

8.1CVSS6.9AI score0.7795EPSS
Exploits1References17
Oracle linux
Oracle linux
added 2026/05/05 12:0 a.m.11 views

perl-XML-Parser security update

2.41-10.0.3 - Security update for CVE-2006-10002 and CVE-2006-10003 Orabug: 39220442...

9.8CVSS5.8AI score0.00604EPSS
Exploits0
OSV
OSV
added 2026/05/04 8:56 p.m.12 views

GHSA-V7CP-2CX9-X793 changedetection.io project has an XXE vulnerability

changedetection.ioXXE01 Vulnerability Report: We discovered a XXE vulnerability in the changedetection.io project While analyzing the code logic, it was determined that an area may lead to unintended behavior under specific conditions. With the project's security in mind, see the analysis results...

8.2CVSS5.8AI score0.00266EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/04 6:30 p.m.75 views

CVE-2026-42231 n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

9.4CVSS0.00851EPSS
Exploits1References1
CVE
CVE
added 2026/05/04 6:30 p.m.54 views

CVE-2026-42231

n8n (open source workflow automation platform) is affected by CVE-2026-42231 due to a prototype pollution flaw in the xml2js XML request body parser within the webhook handler. The vulnerability, exploitable by an authenticated user with permission to create or modify workflows, can be chained wi...

9.4CVSS6.4AI score0.00851EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-37163

Name of the Vulnerable Software and Affected Versions changedetection.io versions 0.54.9 and earlier Description The software contains an XML External Entity XXE issue where the xpath filter function switches to XML mode for XML/RSS content and creates an etree.XMLParserstrip cdata=False without...

8.2CVSS5.8AI score0.00266EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.13 views

Apache OpenNLP 代码问题漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of enabling FEATURESECUREPROCESSING or disabling DTD processing during the...

9.1CVSS5.9AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 1:16 p.m.4 views

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS0.0047EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/30 12:11 p.m.6 views

EUVD-2024-55563

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:11 p.m.5 views

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/30 11:40 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645.

Summary IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25645...

5.9CVSS4.7AI score0.00449EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/04/30 7:16 a.m.10 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS0.00447EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 7:10 a.m.4 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/30 7:10 a.m.9 views

EUVD-2024-55562

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36079

Name of the Vulnerable Software and Affected Versions 4D server affected versions not specified Description Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints. This allows for read access to files on the application server and adjacent network...

8.7CVSS6AI score0.00447EPSS
Exploits2References9
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.13 views

Lobster_pro 代码问题漏洞

Lobsterpro is a middleware platform developed by the German company Lobster, used for enterprise data integration and process orchestration. Versions of Lobsterpro prior to 4.12.6-GA contained code vulnerabilities. These vulnerabilities stemmed from weaknesses in the XML parser’s functionality,...

7.7CVSS6.1AI score0.0047EPSS
Exploits2References2
OSV
OSV
added 2026/04/28 5:41 p.m.11 views

CLSA-2026-1777396174 perl-XML-Parser: Fix of CVE-2006-10003

CVE-2006-10003: fix off-by-one heap buffer overflow in stserialstack growth check in Expat/Expat.xs startElement; also backport upstream follow-up 2abd177 to initialize stserialstacksize=1024 after allocation...

9.8CVSS6AI score0.00548EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:43 a.m.12 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

8.8CVSS7.8AI score0.01682EPSS
Exploits10Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:45 p.m.3 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.3AI score0.00324EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/24 4:45 p.m.2 views

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.9AI score0.00324EPSS
Exploits1References4
Rows per page
Query Builder