Lucene search
K

2181 matches found

CVE
CVE
added yesterday35 views

CVE-2026-45071

CVE-2026-45071 affects the Symfony PHP framework (dom-crawler component). Before patches, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true prior to loadXML(), re-enabling external entity resolution and allowing attacker-controlled XML to resolve file:// URIs (local file disclosur...

8.7CVSS6.1AI score0.00052EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
Nuclei
Nuclei
added yesterday100 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS6.3AI score0.00874EPSS
Exploits1References3
NVD
NVD
added 2026/07/08 9:16 a.m.10 views

CVE-2026-57259

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 7:36 a.m.6 views

EUVD-2026-42197

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.7 views

CVE-2026-57259

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56358

Name of the Vulnerable Software and Affected Versions Foxit Reader affected versions not specified Description An XML External Entity XXE issue exists where the application processes files that are not strictly in a structurally valid PDF format. By opening a malicious document disguised as a PDF...

6.5CVSS6.1AI score0.00205EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:34 p.m.6 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 8:34 p.m.34 views

CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS0.00372EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 12:21 a.m.6 views

OSV-2026-995 Heap-double-free in dxf_entities_read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=528859714 Crash type: Heap-double-free Crash state: dxfentitiesread dwgreaddxf llvmfuzz.c...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.10 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:12 p.m.8 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 9:12 p.m.27 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52593

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the ContentTypeUtil.isParsableXml function, which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. Th...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 6:38 p.m.4 views

DRUPAL-CONTRIB-2026-056

This module provides the entity type and runtime for Drupal AI Agents, enabling agents to use tools. The module does not sufficiently check the required permissions when a tool loads content entities. This vulnerability is mitigated by the fact that an agent must be configured to use the affected...

4.2CVSS5.9AI score0.00145EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 4:28 p.m.3 views

CVE-2026-52980 sched/fair: Clear rel_deadline when initializing forked entities

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References7
CVE
CVE
added 2026/06/24 4:28 p.m.8 views

CVE-2026-52980

CVE-2026-52980 concerns the Linux kernel sched/fair subsystem. Connected sources describe a bug where, when a new sched_entity is forked, its se-&gt;rel_deadline may still be set and cause the scheduler to treat the deadline as relative, converting it to an absolute value by adding the current vr...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder