Lucene search
K

1632 matches found

Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.15 views

PT-2026-41305

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

5.8AI score0.00365EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 12:0 a.m.12 views

EUVD-2026-30548

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

6.5CVSS5.8AI score0.00365EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017781)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017781 advisory. XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficien...

8.8CVSS7.1AI score0.77735EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017728 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host...

6.8CVSS6.8AI score0.82392EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017732)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017732 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated...

7.7CVSS7.2AI score0.82238EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. - xstream: Injecting highly recursive collections or maps can cause a DoS CVE-2021-43859 - workflow-cps: OS command execution throug...

8.8CVSS7.3AI score0.07934EPSS
Exploits1References29
GithubExploit
GithubExploit
added 2026/02/22 9:37 a.m.239 views

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208 — Mirth Connect Pre-Auth RCE Pre-authenticated...

9.8CVSS9.1AI score0.97106EPSS
Exploits22
VulnCheck KEV
VulnCheck KEV
added 2026/02/14 12:0 a.m.10 views

VulnCheck KEV: CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS7.4AI score0.11468EPSS
In wildExploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:33 p.m.8 views

Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar ( CVE-2024-47072)

Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...

7.5CVSS5.9AI score0.02015EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : xstream-1.3.1-16.el7 (AXSA:2021-2499:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2499:04 advisory. xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl CVE-2021-39139 xstream: Arbitrary code execution via...

8.8CVSS8.1AI score0.98124EPSS
Exploits16References15
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : xstream-1.3.1-14.el7 (AXSA:2021-2208:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2208:03 advisory. XStream: remote command execution attack by manipulating the processed input stream CVE-2021-29505 Tenable has extracted the preceding description block...

8.8CVSS7.9AI score0.77735EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : xstream-1.3.1-13.el7 (AXSA:2021-1711:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1711:02 advisory. XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet CVE-2021-21344 XStream: Unsafe deserizaliation of...

9.9CVSS7AI score0.76367EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : xstream-1.3.1-12.el7 (AXSA:2021-1252:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1252:01 advisory. XStream: remote code execution due to insecure XML deserialization when relying on blocklists CVE-2020-26217 Tenable has extracted the preceding description...

9.3CVSS8.4AI score0.85001EPSS
Exploits7References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 1:5 p.m.6 views

Security Bulletin: IBM B2B Advanced Communications is affected by vulnerability in XStream

Summary IBM B2B Advanced Communications has addressed a vulnerability in XStream library shipped with product CVE-2024-47072. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote...

7.5CVSS7.3AI score0.02015EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:55 a.m.11 views

CVE-2025-1081

A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. Th...

3.1CVSS6.4AI score0.00288EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/04 6:57 p.m.229 views

Exploit for Deserialization of Untrusted Data in Apache Struts

CVE-2017-9805: Apache Struts 2 S2-052 RCE Analizi Bu depo, Ap...

8.1CVSS8.5AI score0.99461EPSS
Exploits23
OSV
OSV
added 2025/12/03 2:35 p.m.9 views

BIT-ACTIVEMQ-2021-21351 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.3AI score0.82136EPSS
Exploits1References16
OSV
OSV
added 2025/12/03 2:35 p.m.2 views

BIT-ACTIVEMQ-2021-21350 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

9.8CVSS8.2AI score0.15234EPSS
Exploits1References16
OSV
OSV
added 2025/12/03 2:35 p.m.5 views

BIT-ACTIVEMQ-2021-21349 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS7AI score0.46826EPSS
Exploits1References16
OSV
OSV
added 2025/12/03 2:35 p.m.3 views

BIT-ACTIVEMQ-2021-21348 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS6.9AI score0.13832EPSS
Exploits0References16
Rows per page
Query Builder