327 matches found
CVE-2024-58335
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...
CVE-2025-68463
Biopython (Bio.Entrez) up to version 1.86 is affected by CVE-2025-68463, an XML external entity (XXE) vulnerability in Bio.Entrez that can arise from processing untrusted Doctype declarations. Affected component/file: Bio.Entrez in Biopython; root cause: improper handling of external entities lea...
PT-2025-51994
Name of the Vulnerable Software and Affected Versions: Biopython versions prior to 1.87. Description: Bio.Entrez in Biopython allows doctype XML External Entity (XXE), which is a technique where an XML parser is tricked into processing external entities within a document type definition, potentially...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...
CVE-2024-32643
Masa CMS exposes an authentication-bypass vulnerability where adding a /tag/ declaration to a page URL causes the CMS to render content regardless of group restrictions. Affected versions are prior to 7.2.8, 7.3.13, and 7.4.6. The issue is fixed in 7.2.8, 7.3.13, and 7.4.6. The CVSS data from the...
expat: integer overflow in the doProlog function
A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...
EUVD-2019-4571
Malware in sbrugna...
EUVD-2016-0354
Malware in sbrugna...
EUVD-2017-0720
Malware in sbrugna...
EUVD-2015-3022
Malware in sbrugna...
EUVD-2006-0002
Malware in sbrugna...
EUVD-2015-8201
Malware in sbrugna...
EUVD-2013-0350
Malware in sbrugna...
EUVD-2016-0319
Malware in sbrugna...
EUVD-2016-2457
Malware in sbrugna...
EUVD-2016-0280
Malware in sbrugna...
EUVD-2022-4369
Malicious code in bioql PyPI...
EUVD-2022-3731
Malicious code in bioql PyPI...
EUVD-2024-35792
Malicious code in bioql PyPI...