Lucene search
K

302 matches found

Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.4 views

PT-2024-9791 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to the XMLParser component in the JetBrains TeamCity system, which has an incorrect restriction on XML links to external objects. This can allow a remote attacker ...

7.1CVSS6.9AI score0.00232EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.12 views

SAP NetWeaver AS 代码问题漏洞

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS JAVA, which stems from a lack of validation of XML inputs, allowing an unauthenticated...

5.3CVSS6.9AI score0.00424EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/12/05 5:9 a.m.20 views

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

The U.S. Cybersecurity and Infrastructure Security Agency CISA added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of...

10CVSS10AI score0.94878EPSS
Exploits11
NVD
NVD
added 2024/11/18 8:15 p.m.27 views

CVE-2024-48917

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS0.00718EPSS
Exploits1References3
OSV
OSV
added 2024/11/18 7:48 p.m.11 views

CVE-2024-48917 XXE in PHPSpreadsheet's XLSX reader

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS6.7AI score0.00718EPSS
Exploits1References5
NVD
NVD
added 2024/11/18 5:15 p.m.42 views

CVE-2024-47873

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS0.0076EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/18 5:3 p.m.31 views

CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS7.2AI score0.0076EPSS
Exploits1References4
OSV
OSV
added 2024/11/18 5:3 p.m.18 views

CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS6.6AI score0.0076EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.2 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleanup program and implement an XML external entity attack...

7.5CVSS6.8AI score0.0076EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.3 views

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleaner and implement an XML external entity attack...

7.5CVSS6.9AI score0.00718EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.4 views

PT-2024-31744

Name of the Vulnerable Software and Affected Versions: TopQuadrant TopBraid EDG versions prior to 8.0.1 Description: The issue allows an authenticated attacker to upload an XML DTD file and execute JavaScript, enabling them to read local files or access URLs, which is an example of an XML Externa...

5CVSS6.5AI score0.00278EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.3 views

ClassGraph Security Vulnerability

ClassGraph is a super-fast parallel class path scanner and module scanner from the ClassGraph open source. A security vulnerability exists in ClassGraph versions prior to 4.8.112 that stems from an inability to defend against XML External Entity XXE attacks...

7.5CVSS6.8AI score0.00556EPSS
Exploits0References5
OSV
OSV
added 2024/04/16 12:15 a.m.4 views

DEBIAN-CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

7.5CVSS7.5AI score0.00807EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.6 views

PT-2024-18059 · Langchain · Langchain

Name of the Vulnerable Software and Affected Versions: LangChain affected versions not specified Description: The issue concerns the XMLOutputParser in LangChain, which utilizes the etree module from the XML parser in the standard Python library. This library has some XML vulnerabilities, making ...

5.9CVSS6AI score0.0077EPSS
Exploits1References14
SUSE CVE
SUSE CVE
added 2024/03/09 3:55 a.m.2 views

SUSE CVE-2024-23525

The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the noxxe option of XML::Twig...

6.5CVSS7AI score0.00776EPSS
Exploits1References2
NCSC
NCSC
added 2024/02/09 12:0 a.m.4 views

Vulnerability fixed in Ivanti Connect Secure and Policy Secure Gateways

Ivanti has fixed a vulnerability in Ivanti Connect Secure, Policy Secure and ZTA gateway. The vulnerability allows a malicious party to use an XML External Entity attack to gain access to system resources without having the required authentication. The vulnerability was discovered during the...

8.3CVSS7.1AI score0.94721EPSS
Exploits1
OSV
OSV
added 2024/02/06 7:15 a.m.4 views

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

6.5CVSS5.8AI score0.00379EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.4 views

Magic xpi Integration Platform Security Vulnerability

Magic xpi Integration Platform is an integration platform from Magic designed to simplify integration between enterprise applications and systems. A security vulnerability exists in Magic xpi Integration Platform version 4.13.4. An attacker exploited the vulnerability to perform an xml external...

6.5CVSS6.8AI score0.00379EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/17 12:0 a.m.5 views

Spreadsheet::ParseXLSX Security Vulnerability

Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX versions prior to 0.30 that stems from allowing XML External Entity References XXE attacks...

6.5CVSS6.9AI score0.00776EPSS
Exploits1References4
OSV
OSV
added 2023/11/29 2:15 p.m.3 views

CVE-2023-49656

Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS5.8AI score0.00844EPSS
Exploits0References2
Rows per page
Query Builder