Lucene search
K

167 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6608

Malicious code in bioql PyPI...

8.2CVSS7.2AI score0.00886EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6483

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00611EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6498

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00579EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6519

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.01118EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6531

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00624EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6529

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00582EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.24 views

EUVD-2025-21448

Malicious code in bioql PyPI...

5.2CVSS6.3AI score0.00404EPSS
Exploits0References8
Veracode
Veracode
added 2025/07/23 5:27 a.m.6 views

Path Traversal

org.dspace, dspace-api is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the Simple Archive Format SAF importer, which allows an attacker to craft a malicious SAF package referencing arbitrary system files...

5.2CVSS6.2AI score0.00404EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/17 3:17 p.m.21 views

CVE-2025-53621

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...

6.9CVSS6.5AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/17 3:17 p.m.14 views

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

5.2CVSS6.2AI score0.00404EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/15 6:5 p.m.1 views

Directory Traversal

Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal in the import process when handling Simple Archive Format packages. An attacker can access sensitive files on the server by crafting a malicious...

7CVSS7.6AI score0.00404EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/07/15 6:5 p.m.8 views

org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (=7.0-preview-1)

org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...

5.2CVSS5.8AI score0.00404EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/15 6:5 p.m.7 views

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)

org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53622 Source advisory: OSV:GHSA-VHVX-8XGC-99WF...

5.2CVSS5.8AI score0.00404EPSS
Exploits0
OSV
OSV
added 2025/07/15 6:5 p.m.1 views

GHSA-VHVX-8XGC-99WF DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

Impact A path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command or from the "Batch Import Zip" user interface feature. This vulnerability likely impacts all versions of DSpace 1.x = 7.6.3, 8.0 = 8.1, and...

5.2CVSS5.9AI score0.00404EPSS
Exploits0References9
Snyk
Snyk
added 2025/07/15 6:4 p.m.3 views

XML External Entity (XXE) Injection

Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process during archive imports or when handling XML responses from upstream services. An attacker can access...

7CVSS7.6AI score0.00368EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/07/15 6:4 p.m.7 views

org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (=7.0-preview-1)

org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...

6.9CVSS5.8AI score0.00368EPSS
Exploits0
OSV
OSV
added 2025/07/15 6:4 p.m.1 views

GHSA-JJWR-5CFH-7XWH DSpace is vulnerable to XML External Entity injection during archive imports

Impact Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...

6.9CVSS6AI score0.00368EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2025/07/15 6:4 p.m.9 views

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)

org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53621 Source advisory: OSV:GHSA-JJWR-5CFH-7XWH...

6.9CVSS5.8AI score0.00368EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/07/15 6:4 p.m.10 views

DSpace is vulnerable to XML External Entity injection during archive imports

Impact Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1. 1. External entities are not disabled when parsing XML files during import of an archive in Simple Archive Format, either from command-line ./dspace import command or...

6.9CVSS6.4AI score0.00368EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2025/07/15 3:15 p.m.35 views

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

5.2CVSS0.00404EPSS
Exploits0References7
Rows per page
Query Builder