19 matches found
📄 fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions DTD, specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
EUVD-2024-44290
Malicious code in bioql PyPI...
EUVD-2024-32740
Malicious code in bioql PyPI...
EUVD-2024-32745
Malicious code in bioql PyPI...
CVE-2024-4184
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4189
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4690
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4189
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4184
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4189
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4690 Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4690 Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4690
CVE-2024-4690 affects the OpenText Application Automation Tools Plugin for Jenkins (versions 24.1.0 and earlier). The root cause is improper configuration of XML parsers, enabling XML external entity (XXE) attacks and DTD Injection when processing input files for build steps. Reported impact incl...
CVE-2024-4189 Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4189 Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4184 Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4184 Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4184
OpenText Application Automation Tools plugin for Jenkins (versions 24.1.0 and earlier) is affected by CVE-2024-4184 due to improper restriction of XML external entity references, enabling DTD injection when parsing input files. Impact described as high in CVSS metrics; exploitation status is not ...
CVE-2010-2076
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send...