Lucene search
+L

485 matches found

Github Security Blog
Github Security Blog
added 2025/08/20 9:30 p.m.13 views

Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

9.8CVSS7.1AI score0.02962EPSS
Exploits4References11Affected Software2
NVD
NVD
added 2025/08/20 8:15 p.m.14 views

CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

9.8CVSS0.02962EPSS
Exploits4References4
OSV
OSV
added 2025/08/20 8:15 p.m.5 views

DEBIAN-CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

8.4CVSS7.8AI score0.02962EPSS
Exploits4References1
OSV
OSV
added 2025/08/20 8:15 p.m.3 views

UBUNTU-CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

9.8CVSS7.2AI score0.02962EPSS
Exploits4References6
OSV
OSV
added 2025/08/20 8:8 p.m.14 views

CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

8.4CVSS7.2AI score0.02962EPSS
Exploits4References7
Debian CVE
Debian CVE
added 2025/08/20 8:8 p.m.16 views

CVE-2025-54988

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

9.8CVSS7.8AI score0.02962EPSS
Exploits4
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.5 views

Apache Tika 安全漏洞

Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open-source library of functions that use Java programs to provide read and write functionality for Microsoft Office-formatted documents, Pdfbox a pure Java class library for reading and...

9.8CVSS7.1AI score0.02962EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.13 views

PT-2025-34153

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.13 through 3.2.1 Apache Tika tika-core versions 1.13 through 3.2.1 Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1 Apache Tika tika-parsers versions 1.13 through 1.28.5 Description A critical XML External Entity...

9.8CVSS8.6AI score0.79807EPSS
Exploits6References61
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2018-17197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. CVE-2018-17197 Note...

6.5CVSS6.7AI score0.05934EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-1951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. CVE-2020-1951 Note that Nessus relies on the...

5.5CVSS6.8AI score0.02834EPSS
Exploits0References2
Wolfi
Wolfi
added 2025/07/21 1:47 p.m.4 views

GHSA-36WV-V2QP-V4G4 vulnerabilities

Vulnerabilities for packages: wildfly, apache-tika...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2025/07/21 1:47 p.m.10 views

CVE-2025-48795 vulnerabilities

Vulnerabilities for packages: wildfly, apache-tika...

5.6CVSS6.2AI score0.00624EPSS
Exploits0
Chainguard
Chainguard
added 2025/07/21 1:17 p.m.8 views

CVE-2025-48795 vulnerabilities

Vulnerabilities for packages: wso2is, apache-tika, wildfly...

5.6CVSS6.2AI score0.00624EPSS
Exploits0
Chainguard
Chainguard
added 2025/07/21 1:16 p.m.3 views

GHSA-36WV-V2QP-V4G4 vulnerabilities

Vulnerabilities for packages: wso2is, apache-tika, wildfly...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2025/07/12 1:16 p.m.14 views

GHSA-J288-Q9X7-2F5V vulnerabilities

Vulnerabilities for packages: debezium-connector-spanner, nrjmx, spark, sonarqube, apache-hop, dependency-track, apache-activemq-artemis, logstash, apache-hop-fips, keycloak-config-cli, apache-nifi, celeborn, elasticsearch, leiningen, management-api-for-apache-cassandra-5.0, akhq, keycloak-fips,...

5.3AI score
Exploits0
OpenVAS
OpenVAS
added 2025/05/27 12:0 a.m.7 views

Ubuntu: Security Advisory (USN-7529-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS7.5AI score0.02926EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/26 12:0 a.m.4 views

Ubuntu 20.04 LTS / 22.04 LTS : Apache Tika vulnerabilities (USN-7529-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7529-1 advisory. It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use...

5.5CVSS6.5AI score0.02926EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2025/05/23 1:52 p.m.4 views

USN-7529-1: Apache Tika vulnerabilities

It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-1950, CVE-2020-1951 It was discovered that Apache Tika...

5.5CVSS6.5AI score0.02926EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 p.m.7 views

CVE-2022-25169

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files...

5.5CVSS6.8AI score0.0205EPSS
Exploits0References1
Wolfi
Wolfi
added 2025/01/21 12:30 p.m.3 views

GHSA-FH5R-CRHR-QRRQ vulnerabilities

Vulnerabilities for packages: apache-tika...

7.5AI score
Exploits0
Rows per page
Query Builder