Lucene search
+L

53768 matches found

nuclei
nuclei
added yesterday19 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.3AI score0.16239EPSS
Exploits1References2
nuclei
nuclei
added yesterday19 views

Episerver 7 - Blind XML External Entity Injection

Episerver 7 patch 4 and earlier contains an XML external entity XXE caused by processing crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files, exploit requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...

7.5CVSS7.1AI score0.04648EPSS
Exploits1References3
nuclei
nuclei
added yesterday183 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

9.8CVSS7.2AI score0.39294EPSS
Exploits2References1
nuclei
nuclei
added yesterday62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7AI score0.03948EPSS
Exploits6References3
nuclei
nuclei
added yesterday24 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS6AI score0.02016EPSS
Exploits1References3
nuclei
nuclei
added yesterday257 views

Apache OFBiz < 18.12.10 - Arbitrary Code Execution

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. id: CVE-2023-49070 info: name: Apache OFBiz 18.12.10 - Arbitrary Code Execution author: your3cho severity: critical description: | Pre-auth RCE in Apach...

9.8CVSS7.1AI score0.95442EPSS
Exploits11References5
nuclei
nuclei
added yesterday130 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS6.3AI score0.03395EPSS
Exploits2References3
redhat
redhat
added yesterday2 views

perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names

A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and...

7.5CVSS6AI score0.00531EPSS
Exploits0References6
redhat
redhat
added yesterday3 views

Important: Red Hat Security Advisory: perl-XML-LibXML security update

An update for perl-XML-LibXML is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.5CVSS6.1AI score0.00531EPSS
Exploits0References2
redhat
redhat
added 2 days ago4 views

perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names

A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and...

7.5CVSS6AI score0.00531EPSS
Exploits0References6
redhat
redhat
added 2 days ago3 views

Important: Red Hat Security Advisory: perl-XML-LibXML security update

An update for perl-XML-LibXML is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

7.5CVSS6.1AI score0.00531EPSS
Exploits0References2
nvd
nvd
added 2 days ago4 views

CVE-2026-48359

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS0.00534EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago5 views

CVE-2026-48359 Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS6.5AI score0.00534EPSS
Exploits0References1
cve
cve
added 2 days ago10 views

CVE-2026-48359

Adobe Experience Manager is affected by an XML External Entity (XXE) vulnerability (CVE-2026-48359) due to improper restriction of XML External Entity references. It could allow a low-privileged attacker to read sensitive files and potentially gain elevated access or control, with arbitrary code ...

9.6CVSS6.5AI score0.00534EPSS
Exploits0References1
cve
cve
added 2 days ago37 views

CVE-2026-45071

CVE-2026-45071 affects the Symfony PHP framework (dom-crawler component). Before patches, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true prior to loadXML(), re-enabling external entity resolution and allowing attacker-controlled XML to resolve file:// URIs (local file disclosur...

8.7CVSS6.1AI score0.00458EPSS
Exploits0References6Affected Software1
vulnrichment
vulnrichment
added 2 days ago4 views

CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability

...

7CVSS6.1AI score0.00252EPSS
Exploits0References1
cve
cve
added 2 days ago10 views

CVE-2026-50359

CVE-2026-50359 is a Microsoft XML Core Services elevation-of-privilege vulnerability described as a use-after-free issue. The NVD/NCSC/CIRCL entries confirm local privilege escalation for an authorized user. No exploit vectors are provided in the documents. Microsoft has released updates addressi...

7CVSS6AI score0.00252EPSS
Exploits0References1
nuclei
nuclei
added 2 days ago62 views

WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection XXE. XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit...

9.1CVSS7AI score0.26939EPSS
Exploits0References4
nuclei
nuclei
added 2 days ago33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
nuclei
nuclei
added 2 days ago44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7AI score0.24141EPSS
Exploits0References5
Rows per page
Query Builder