300 matches found
EUVD-2023-2507
Malicious code in bioql PyPI...
EUVD-2023-2053
Malicious code in bioql PyPI...
EUVD-2022-1384
Malicious code in bioql PyPI...
EUVD-2025-29374
Malicious code in bioql PyPI...
EUVD-2025-31380
Malicious code in bioql PyPI...
EUVD-2022-53480
Malicious code in bioql PyPI...
EUVD-2024-0557
Malicious code in bioql PyPI...
EUVD-2022-3982
Malicious code in bioql PyPI...
EUVD-2022-2288
Malicious code in bioql PyPI...
EUVD-2022-2656
Malicious code in bioql PyPI...
EUVD-2022-1943
Malicious code in bioql PyPI...
EUVD-2022-5647
Malicious code in bioql PyPI...
EUVD-2025-11530
Malicious code in bioql PyPI...
Jinher OA Code Issue Vulnerability
Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA version 2.0, which stems from incorrect operation of the XML processing component in file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx, which could lead to an XML external...
CVE-2025-6984 Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
ROS-20250825-02
A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, to disclose protected information or cause a denial of service. A vulnerability in the...
Linux Distros Unpatched Vulnerability : CVE-2016-2175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External...
Linux Distros Unpatched Vulnerability : CVE-2016-10127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. (CVE-2016-10127) Note that Nessus relies on...
Linux Distros Unpatched Vulnerability : CVE-2024-40896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers t...
GeoServer Code Issue Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer that stems from improper URI validation, which could allow an unauthorized attacker to perform an XML external entit...