Lucene search
K

1632 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

9.8CVSS7.8AI score0.14301EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

8.5CVSS7.8AI score0.04065EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...

9.9CVSS7.4AI score0.72324EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

9.8CVSS7.8AI score0.76367EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available, by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS7.1AI score0.11468EPSS
Exploits2References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...

7.5CVSS6.3AI score0.02015EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

8.5CVSS7.8AI score0.143EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

8.5CVSS7.8AI score0.04735EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libxstream-java

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service by manipulating the input stream. The attack exploits the hash code implementation used for...

8.2CVSS6.6AI score0.08689EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream contained type information at the time of unmarshaling, allowing new instances to be created based on those type information. Attackers...

9.1CVSS6.7AI score0.4999EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to request data from internal resources that were not publicly available, by manipulating the processed input stream. No users are affecte...

8.6CVSS7.2AI score0.46826EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

8.5CVSS7.8AI score0.04735EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to occupy a thread that consumed the maximum amount of CPU time and would never return. However, no users are affected if they follow the...

7.8CVSS6.7AI score0.13832EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

8.5CVSS7.8AI score0.04735EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/16 1:56 a.m.19 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

6.5CVSS5.8AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 3:16 p.m.12 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

6.5CVSS0.00365EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 12:0 a.m.11 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

5.8AI score0.00365EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 12:0 a.m.37 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

0.00365EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

oinone-pamirs 代码问题漏洞

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains code vulnerabilities. These vulnerabilities stem from the XML parsing logic based on XStream. When attacker-controlled XML is passed to the framework’s parsing points, such as...

6.5CVSS5.9AI score0.00365EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 12:0 a.m.9 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

5.8AI score0.00365EPSS
Exploits0References4
Rows per page
Query Builder