Lucene search
K

255 matches found

OSV
OSV
added 2025/05/13 10:15 a.m.5 views

CVE-2024-51445

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...

7.1CVSS5.8AI score0.00448EPSS
Exploits0References1
NVD
NVD
added 2025/05/13 10:15 a.m.8 views

CVE-2024-51445

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...

7.1CVSS0.00448EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/13 9:38 a.m.14 views

CVE-2024-51445

A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...

7.1CVSS0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.8 views

PT-2025-20845 · Siemens · Polarion

Name of the Vulnerable Software and Affected Versions: Polarion V2310 All versions Polarion V2404 versions prior to V2404.4 Description: A vulnerability has been identified in the affected application, which contains a XML External Entity Injection XXE vulnerability in the docx import feature. Th...

7.1CVSS6.5AI score0.00448EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.4 views

Siemens Polarion 代码问题漏洞

Siemens Polarion is a suite of application lifecycle management software from Siemens, Germany. The software supports end-to-end enterprise application development on a unified, modular, browser-based software environment. A code issue vulnerability exists in Siemens Polarion that stems from an X...

7.1CVSS7.2AI score0.00448EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/04/03 11:53 a.m.1 views

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2025-27831: Fixed text buffer overflow in DOCXWRITE TXTWRITE device via long characters to devices/vector/doccommon.c bsc1240075 CVE-2025-27832: Fixed compression buffer overflow in NPDL device for contrib/japanese/gdevnpdl.c bsc1240077...

7.1CVSS7.1AI score0.00806EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2025/03/22 1:25 p.m.15 views

CVE-2025-0184

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS7.2AI score0.00472EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.25 views

CVE-2025-0184

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS0.00472EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.7 views

CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS6.5AI score0.00472EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:11 a.m.100 views

CVE-2025-0184

CVE-2025-0184 describes an SSRF in langgenius/dify around the DOCX upload in the Create Knowledge flow (v0.10.2). The vulnerability triggers when a DOCX’s external relationship uses a reltype value fetched via the requests module instead of the SSRF proxy, enabling an attacker with access to the ...

6.5CVSS6.9AI score0.00472EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/03/20 10:11 a.m.10 views

CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS6.6AI score0.00472EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.34 views

CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS0.00472EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

dify 代码问题漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.2 of dify, which stems from the Create Knowledge section when uploading DOCX files is vulnerable to server-side request forgery attacks...

6.5CVSS6.7AI score0.00472EPSS
Exploits1References3
Zero Day Initiative
Zero Day Initiative
added 2025/01/15 12:0 a.m.14 views

Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

7.8CVSS6.7AI score0.00755EPSS
Exploits0References1
NVD
NVD
added 2024/12/15 4:15 a.m.23 views

CVE-2024-55969

DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714...

9.1CVSS0.00602EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/15 12:0 a.m.28 views

CVE-2024-55969

DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714...

0.00602EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/15 12:0 a.m.11 views

CVE-2024-55969

DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714...

6.9AI score0.00602EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/15 12:0 a.m.6 views

PT-2024-36622 · Syncfusion · Syncfusion Essential Studio For Asp.Net Mvc

Name of the Vulnerable Software and Affected Versions: Syncfusion Essential Studio for ASP.NET MVC versions prior to 27.1.55 Description: The issue occurs when resaving a DOCX document with an external reference XML, resulting in an XMLException. This problem is present in the DocIO feature of...

9.1CVSS7.3AI score0.00602EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.3 views

PwnDoc 安全漏洞

PwnDoc is a penetration test report generator from PwnDoc open source. A security vulnerability exists in PwnDoc that stems from the ability for an attacker to write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on a system...

6.5CVSS7.8AI score0.00663EPSS
Exploits0References3
OSV
OSV
added 2024/12/11 10:41 p.m.10 views

CVE-2024-55652 PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

6.5CVSS7.9AI score0.00663EPSS
Exploits0References5
Rows per page
Query Builder