302 matches found
PT-2024-9791 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to the XMLParser component in the JetBrains TeamCity system, which has an incorrect restriction on XML links to external objects. This can allow a remote attacker ...
SAP NetWeaver AS 代码问题漏洞
SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS JAVA, which stems from a lack of validation of XML inputs, allowing an unauthenticated...
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency CISA added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of...
CVE-2024-48917
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...
CVE-2024-48917 XXE in PHPSpreadsheet's XLSX reader
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...
CVE-2024-47873
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...
CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...
CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...
PhpSpreadsheet 代码问题漏洞
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleanup program and implement an XML external entity attack...
PhpSpreadsheet 代码问题漏洞
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleaner and implement an XML external entity attack...
PT-2024-31744
Name of the Vulnerable Software and Affected Versions: TopQuadrant TopBraid EDG versions prior to 8.0.1 Description: The issue allows an authenticated attacker to upload an XML DTD file and execute JavaScript, enabling them to read local files or access URLs, which is an example of an XML Externa...
ClassGraph Security Vulnerability
ClassGraph is a super-fast parallel class path scanner and module scanner from the ClassGraph open source. A security vulnerability exists in ClassGraph versions prior to 4.8.112 that stems from an inability to defend against XML External Entity XXE attacks...
DEBIAN-CVE-2024-3572
The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...
PT-2024-18059 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain affected versions not specified Description: The issue concerns the XMLOutputParser in LangChain, which utilizes the etree module from the XML parser in the standard Python library. This library has some XML vulnerabilities, making ...
SUSE CVE-2024-23525
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the noxxe option of XML::Twig...
Vulnerability fixed in Ivanti Connect Secure and Policy Secure Gateways
Ivanti has fixed a vulnerability in Ivanti Connect Secure, Policy Secure and ZTA gateway. The vulnerability allows a malicious party to use an XML External Entity attack to gain access to system resources without having the required authentication. The vulnerability was discovered during the...
CVE-2023-52239
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...
Magic xpi Integration Platform Security Vulnerability
Magic xpi Integration Platform is an integration platform from Magic designed to simplify integration between enterprise applications and systems. A security vulnerability exists in Magic xpi Integration Platform version 4.13.4. An attacker exploited the vulnerability to perform an xml external...
Spreadsheet::ParseXLSX Security Vulnerability
Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX versions prior to 0.30 that stems from allowing XML External Entity References XXE attacks...
CVE-2023-49656
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...