11 matches found
CVE-2026-41141
EspoCRM prior to 9.3.5 is vulnerable via POST /api/v1/EmailTemplate/:id/prepare where providing an emailAddress lets an authenticated user with EmailTemplate read permission resolve the owning entity (Contact/Lead/Account/User) without ACL checks, leaking all field values and bypassing read: own/...
EspoCRM 安全漏洞
EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.5 contained security vulnerabilities. These vulnerabilities...
OESA-2026-1297 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data.CVE-2026-24515 In...
EUVD-2022-2842
Malicious code in bioql PyPI...
GHSA-JJ54-8F66-C5PC [XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
Summary GeoServer Web Feature Service WFS web service was found to be vulnerable to GeoTools CVE-2025-30220 XML External Entity XXE processing attack. It is possible to trigger the parsing of external DTDs and entities, bypassing standard entity resolvers. This allows for Out-of-Band OOB data...
CVE-2021-32754
FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity XXE vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...
DRUPAL-CONTRIB-2024-007
The Entity Delete Log module tracks the deletion of configured entity types, such as node or comments. It does not add sufficient permission to the log report page, allowing an attacker to view information from deleted entities...
PT-2024-40759 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-double-free crash. Technical details include the crash state with functions such as dwg free common entity data, dwg free...
Heap overflow
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwgencodeentity in commonentitydata.spec...
CVE-2019-20913
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwgencodeentity in commonentitydata.spec...
RestWS - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-024
RestWS makes Drupal Entity data available in a REST API. The module doesn’t sufficiently check for access to properties when filtering queries. This vulnerability is mitigated by the fact that an attacker must have a role that allows them to access an entity type with access-controlled properties...